Cybersecurity
White House preps security controls for commercial software acquisition
The administration is attempting to leverage the procurement powers of the federal government to bolster software cybersecurity for the first time.
Cybersecurity
Senators’ Plan to Secure Open Source Software Involves Agencies Using More of It
The discovery of exploitable weaknesses in Log4j is resurfacing a 6-year-old push to save taxpayers money by calling on agencies to embrace open-source code.
Modernization
Bipartisan Senate Bill Aims to Safeguard Open Source Software
The Securing Open Source Software Act would task the Office of Management and Budget with issuing guidance around the secure usage of open source software and give new oversight responsibilities to the Cybersecurity and Infrastructure Security Agency.
Cybersecurity
Industry Objections Spur Changes to Cybersecurity Provisions in Defense Bill
Key members of the House and Senate are altering proposals for identifying systemically important critical infrastructure and securing the software supply chain.
Cybersecurity
OMB: New Acquisition Rule Coming for Vendors to Vouch for Their Software Security
Agencies are also allowed to accept to-do lists from vendors who need to keep working up to a point where they can self-attest their compliance with NIST guidance.
Modernization
DOD Needs to Modernize its Software Architecture for Next-Gen Warfare, Report Says
A paper published by the Center for Strategic and International Studies calls for the U.S. military to modernize legacy warfighting systems in order to prepare for future conflicts.
Cybersecurity
New Guide to Secure Software Development Passes on Content but Fails on Communication, Industry Official Says
The lengthy document may miss its target audience altogether, one industry observer notes.
Digital Government
Survey: Security Continues to be Major Factor for DevOps Platforms
Shifting left and other security measures are an important part of the development process, and an increasing number of respondents use or intend to use this practice.
Digital Government
The Pentagon’s Plan to Speed Up Software Buying for Weapons Systems
The DOD’s dedicated software acquisition pathway is nearly two years old, and is already being used by a few dozen programs.
Ideas
All software is guilty until proven innocent
COMMENTARY | Agencies must embrace "shifting left," an approach that keeps software security in mind from the beginning of the development lifecycle.
Digital Government
Data Gap Poses Risks for Launch Site of VA’s New Health Record
The commercial electronic health record system being introduced by the Department of Veterans Affairs is proving difficult and expensive to adapt to the agency’s data reporting requirements.
Cybersecurity
CISA Solicits Feedback on Finer Points of Coming Software Transparency Requirement
The agency has identified four topics—including considerations for cloud and online applications—it wants to hear more about from stakeholders.
Cybersecurity
Federal CISO: Recommendations In to Acquisition Council for Software Procurement
Federal CISO Chris DeRusha says he doesn’t want to tie agencies’ hands regarding self-attestation versus third-party verification of vendor practices.
Podcasts
Critical Update: The Call for Greater Software Transparency is Louder than Ever
Agencies will soon be required to ask vendors for a software bill of materials—or SBOM—to help manage vulnerabilities like those found in the Log4j library, but much of its contents could still be open to negotiation.
Modernization
Air Force software factory looks to unleash 'chaos' on civilian IT shops
The Kessel Run group is currently developing a playbook that would make it easier for organizations across the federal government to adopt engineering and security best practices.
Digital Government
Microsoft to Offer Its Office 365 Platform for Classified Workloads
Microsoft’s popular software-as-a-service offering is undergoing government review to ensure it can host some kinds of classified data.
Modernization
Software Certification Could Get A Little Simpler Under Evolving DARPA Project
An effort worth millions, led by GE Research, could result in an automated assurance model.
Emerging Tech
The Next Big Quantum Leap May Require Better Software
The raw power of increasingly advanced quantum computers could necessitate advances in software to make sense of the noise.
Cybersecurity
NIST Suggests Agencies Accept the Word of Software Producers Per Executive Order
The standards agency said an attestation from vendors themselves would be sufficient when screening for cybersecurity, unless an agency's risk calculus suggests otherwise.
Modernization