software supply chain security
Securing open-source software is a unique challenge, and the federal government is just starting to develop ways to evaluate and minimize security risks associated with its use.
Modernizing approaches to software security leads to better detecting vulnerabilities and preventing zero-day incidents like the SolarWinds attack.
CFPB and DOE shift their attention to zero trust as they work to eliminate risks and build a higher level of protection around their software supply chains.
Concepts and mandates such as cyber incident reporting, DevSecOps and zero trust only go so far.
Kessel Run, DOD's first software factory, is about to help one air combat command unit move all operations to a software environment designed via DevSecOps.
Tools like software bills of materials can improve software supply chain visibility and security.