Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.
Software development has changed drastically over the past decade. Take a 22-year-old graduate with a degree in computer science. At one time, they would start off testing code, then start to write code line-by-line. Today, 80% of applications are developed using open source software. Instead of laboriously worrying over each caret and comma, code is grabbed and assembled. This can make for quick iterations and rapid project completion.
However, malicious actors are informed of new software developments as well. During the discussion, Jason mentions that some see open source code with a 12% vulnerability factor. They are playing a two-step game. First, create free open source code, and an organization downloads it. Then, they come back through a back door and inject malicious code.
Jason Green is the vice president, Public Sector, and Derek Weeks is the vice president and DevOps Advocate at Sonatype. They are subject matter experts and joined host John Gilroy on Federal Tech Talkto show how their company can reduce cost and increase cybersecurity for federal agencies.
Sonatype is used in over 150 federal agencies, and provides assurance that the code is clean. Their website claims to offer more secure code with less hassle by providing central repositories for code. Listening to this discussion just reinforces that difficulty of securing an enterprise-level system for attack.