Industry needs to be able to tell government how software was developed and how security measures were integrated into it, a top official at the National Institute of Standards and Technology said March 10.
“Give us some evidence that those security features are actually in place and doing what they’re supposed to do,” said Ron Ross, a fellow at NIST who leads a new DevSecOps project.
Ross, speaking at an Advanced Technology Academic Research Center event on DevOps, said that the future of U.S. national and economic security hinges on industry and government making the transition to DevOps and DevSecOps, two different software development approaches in which collaboration and security are considered from the beginning.
“All the work that’s going on now, whether it’s experimental or whether it’s becoming more mature, we need to be able to normalize this type of process so it becomes [something] people would just do routinely — it becomes institutionalized and operationalized across the entire federal government,” Ross said.
Industry, Ross said, is a critical partner in that process. The key is ensuring that customers no longer have to worry about the effectiveness and origin of security controls.
Keep reading this article at: https://www.fifthdomain.com/civilian/2020/03/10/how-industry-and-government-can-partner-for-more-secure-systems/