Aqua Security this week claimed it is the first software supply chain security platform provider to meet the attestation requirements as defined by an executive order issued to federal agencies last year by the Biden administration. A supplementary memo issued by the Biden administration required federal agencies to collect compliance attestation letters for all software […]
One Year Out: What Biden’s EO Means for Software Devs
It has been just over a year since President Biden issued Executive Order 14028 (EO) to improve the nation’s cybersecurity posture. Despite the Log4j vulnerability and a worldwide increase in ransomware attacks, this EO signaled a major step in improving software security at federal agencies and establishing cybersecurity as a priority for the U.S. government. […]
Can Regulatory Mandates Secure Software Development?
Software companies have a long history of delivering incomplete and insecure products. This happens for a couple of reasons. Fast time-to-market has always been a business priority, taking precedence over security, especially as DevOps has become the norm in software development methodologies. And software, by nature, is easy to update and change, so some defects […]
How the Cybersecurity EO Impacts DevOps Teams
Eric Greenwald, general counsel for Finite State, talks with Mike Vizard about how the executive order for securing software supply chains issued by President Biden will impact DevOps teams. The video is below, followed by a transcript of the conversation. Announcer: This is Digital Anarchist. Mike Vizard: Hey, guys. Thanks for the throw again. We’re […]
Google Proposes SLSA Framework to Secure Software Supply Chains
Google is proposing organizations adopt a framework for securing the integrity of software artifacts across a software supply chain. Kim Lewandowski, a product manager for open source software security at Google, said the Supply Chain Levels for Software Artifacts (SLSA) is based on an internal framework, known as binary authorization for Borg, that the company […]
What Biden’s Cybersecurity EO Means for DevOps Teams
On May 12, 2021, President Biden issued Executive Order 14028, also known as the Executive Order on Improving the Nation’s Cybersecurity. This EO covers a lot of ground, and like all executive orders, it instructs agencies of the U.S. Federal Government to perform specific actions. What it doesn’t do is appropriate funding or create industry […]





