software supply chain security

Securing open-source software is a unique challenge, and the federal government is just starting to develop ways to evaluate and minimize security risks associated with its use.
Modernizing approaches to software security improves vulnerability detection and helps prevent supply chain compromises like the SolarWinds attack.
CFPB and DOE shift their attention to zero trust as they work to reduce risk and build a higher level of protection around their software supply chains.
Concepts and mandates such as cyber incident reporting, DevSecOps and zero trust only go so far.
Kessel Run, DOD's first software factory, is about to help one Air Combat Command unit move all of its operations to a software environment built with DevSecOps practices.
Tools like software bills of materials (SBOMs) can improve software supply chain visibility and security.
Establishing security requirements at the beginning of the software development life cycle is key.