The trend across civilian and defense agencies when it comes to software development is clear. People and culture matter the most when changing the way an agency develops software. Even with reskilling and training employees, agencies still aren’t guaranteed success in using DevSecOps. Many agencies need to become more comfortable with automating the security controls as well as change the way these projects are funded. Hear from leaders at Air Force, Navy, Army, the Centers for Medicare and Medicaid Services, and National Geospatial-Intelligence Agency on how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers in the latest Federal News Network Expert Edition report.
Applying DevOps Principles to Achieve Software Supply Chain Security
“A recent survey sponsored by CloudBees showed that software supply chain security is top of mind for many senior executives right now. The problem is a general lack of clarity on what to do about it. A recent executive order from President Joe Biden’s administration charges several agencies, including the National Institute of Standards and Technology, with releasing guidance around this very issue. NIST’s preliminary guidelines were due in early November and not yet released at the time of this article.”
Read more insights from CloudBees’ CISO, Prakash Sethuraman.
5 Ingredients for Successful Mobile DevSecOps
“Applying DevSecOps principles to mobile app development is somewhat different from web. ‘If you think about a web application, it basically runs in any browser on any desktop or device in the world. So in terms of developing and testing it, you really just need to test it once or twice for one or two browsers. And in terms of coding, the browser and server provide a ton of security built in and easy for the developer to use,’ said Brian Reed, chief mobility officer at NowSecure. ‘For mobile apps, you have to choose iOS or Android. And if you do both, you have to write it twice, effectively. Unlike web browsers, to build apps for mobile devices, the developer has to understand how the mobile device and operating system works, how secure data storage works, how crypto works, how secure network communications works and a myriad of other security application programming interfaces (APIs).’”
Read more insights from NowSecure’s Chief Mobility Officer, Brian Reed.
Software Bill of Materials is the First Step to Improve Software Supply Chain Security
“A confluence of events, including the SolarWinds breach and the subsequent White House executive order on cybersecurity, has pushed software supply chain security center-stage for the federal government and the ecosystem of contractors that do business with it. It’s a top priority for many executives, but traditional notions of cybersecurity are proving inadequate to the current landscape, and the path forward isn’t always clear. So where do they start?”
Read more insights from Anchore’s Solutions Architect and Technical Lead, Jeremy Bryan.
4 Strategies to Overcome Obstacles in Adopting DevSecOps in Your Agency
“A recent survey conducted by Federal News Network in partnership with Atlassian revealed a large disconnect between IT and non-IT staff at federal agencies. Fewer than 10% of respondents said their business or mission area was heavily involved in setting project requirements for IT services. Two-thirds of respondents said they don’t get to comment on or review new technology capabilities during development or before they are launched. And 63% said collaboration within the agency was difficult.”
Read more insights from Atlassian’s Director of Technology for Public Sector, Ken Urban.
Download the full Federal News Network Expert Edition report for more insights on the future of DevSecOps from Carahsoft’s technology partners and leaders at Air Force, Navy, Army, the Centers for Medicare and Medicaid Services, and National Geospatial-Intelligence Agency.