NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

This spring, the National Institute of Standards and Technology (NIST) released updated recommendations (.pdf) to improve software resilience against vulnerabilities. This builds on an earlier, four-part framework released last year. As the department explains: Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software ...

Six Memorable Sessions with Government DevSecOps Leaders: What We Learned

The afternoon of May 6th made clear that the time for DevSecOps is now across the federal government. An audience of over 500 attendees across the public sector joined together online to connect with five government DevSecOps pathfinders and one notorious white hat hacker. These sessions are now recorded and ...

Top 6 Reasons the Time is Now for DevSecOps in the Federal Government

Underpinning all modern technology - software and hardware - is a supply chain. However, even as “software eats the world,” or we could argue “ate the world,” there is still too little understanding of the software supply chain, with continued focus on hardware. The reality, however, is that software is ...