NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

2 minute read time

NIST recommends a SSDF framework to assess open source component cybersecurity risks, including an SBOM and automated security controls in the SDLC.
Read More...

Federal DevSecOps Leaders: It's Time to Join The Conversation

3 minute read time

The DevSecOps Government Leadership Forum, typically hosted in Washington, D.C., will be hosted online so government leaders everywhere can participate.
Read More...

NIST Proposes Standards to Secure Government SDLC

3 minute read time

NIST has proposed a set of standards to address the growing need for better software security. Public comment is open until August 5, 2019.
Read More...

Cybersecurity Improvement Act of 2017:  The Ghost of Congress Past

2 minute read time

A steady breeze is blowing from Washington DC that is nudging the software industry toward a future in which vendors will no longer be immune to liability.
Read More...

How a Software Bill of Materials Uncovers Known Vulnerabilities

3 minute read time

How a Software Bill of Materials Uncovers Known Vulnerabilities
Read More...

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

4 minute read time

[Part 3] Code, Cars, and Congress: A Time for Cyber Supply Chain Management
Read More...

[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management

5 minute read time

[Part 2] Code, Cars, and Congress: A Time for Cyber Supply Chain Management
Read More...

Code, Cars, and Congress: A Time for Cyber Supply Chain Management (1 of 3)

5 minute read time

Code, Cars, and Congress: A Time for Cyber Supply Chain Management
Read More...

Talking Turkey in Texas: Open Source Governance Lags

3 minute read time

Talking Turkey in Texas: Open Source Governance Lags
Read More...