On May 12, 2021, President Biden’s Executive Order on Improving the Nation’s Cybersecurity finally hit the street. Amongst all its goodness about the software bill of materials (SBOM), software supply chain security, and cybersecurity there’s some good news about FedRAMP and these developments are going to be a major step forward for government cloud security, …
Cybersecurity Executive Order Brings FedRAMP Changes Aplenty Read More »
On Wednesday, May 12, 2021, President Biden’s new and much-expected Executive Order on Improving the Nation’s Cybersecurity was published. This new executive order (EO) includes a major element outlining new guidelines for how US federal government programs are to interact with industry software suppliers and partners, moving forward. There are many notable improvements throughout the …
Latest Cybersecurity Executive Order Requires an SBOM Read More »
Operations models are coming at us fast and furious these days. To top that off, DevOps and DevSecOps adoption and maturity are only increasing during the pandemic. It’s now incumbent for DevOps and DevSecOps teams to get all their system configurations under the same level of control and governance as they do with their application …
How GitOps plays in a DevOps and DevSecOps World Read More »
SolarWinds and now Codecov point to the need for enterprises to better manage how they procure and intake open source software (OSS) into their DevOps life-cycle. While OSS is “free” it’s not without internal costs as you procure the software and bring it to bear in your enterprise software. Here are five open source procurement …
As the tech industry continues to gather lessons learned from the SolarWinds and now Codecov breaches, it’s safe to say that artificial intelligence and machine learning are going to play a role in the future of DevSecOps. Enterprises are already experimenting with AI and ML with the hopes of reaping future security and developer productivity …
We aren’t about to stop hearing about the need for a software bill of materials (SBOM) and software supply chains security anytime soon. You can expect more news about a Presidential executive order about SBOMs and a new software supply chain breach at Codecov that we’re all still learning more about. Impending Executive Order about …
2 SBOM & Supply Chain Security News Items to Watch Read More »
The Continuous Authority to Operate (cATO), sometimes known as the Rapid ATO, is becoming necessary as the DoD and civilian agencies are putting more applications and data in the cloud. Speed and agility are becoming increasingly critical to the mission as the government seeks new features and functionalities to support the warfighter and other critical US …
Continuous Authority to Operate: The Realities and the Myths Read More »
It’s time to make evaluating and mitigating software supply chain security attacks top of mind as government agencies, corporations, industry analysts, and security firms try to chart a course forward for supply chain security after the SolarWinds hack. Security Challenges Here are some software supply chain security challenges you should keep at top of mind …
Software Supply Chain Security: Now is the Time to Act Read More »
As organizations open up the software bill of materials (SBOM) to their security teams, there is a future of the SBOM as source data for threat intelligence is becoming abundantly clear. Applying intelligence to SBOM data is a natural step in a world where DevOps and DevSecOps teams use a range of tools and technologies …
The SBOM + Threat Intelligence are the Future of Software Supply Chain Security Read More »
The software bill of materials (SBOM) is gaining renewed attention and notoriety post-SolarWinds. More companies and government agencies seek deeper transparency into the software components entering their software supply chain. While there are critics out there that believe that the SBOM is a misguided concept for DevSecOps, the continuing evolution of DevSecOps, much less the …