Janek Claus, director of Application Development at Sev1Tech, offered some remedies for this significant issue to host John Gilroy on this week's Federal Tech Talk.
Years ago, software developers would methodically write code by hand. This was time-consuming and prone to errors. Today’s development method entails grabbing prewritten blocks of software from libraries and combining them with old-fashioned handwritten code. Some experts estimate that 70%-80% of code is not developed but assembled. Some would call this method a supply chain for software.
The problem is that malicious code can worm its way into the software libraries that are used. In fact, Jeff Williams, founder of Contrast Security, states that on average, applications contain over twenty-six serious vulnerabilities each.
This observation has not been ignored by the people at the White House. The Executive Order on Improving the Nation’s Cybersecurity speaks about securing the nation’s software supply chain.
Janek Claus is the director of Application Development at Sev1Tech, and he offered some remedies for this significant issue when he joined host John Gilroy on this week’s Federal Tech Talk. Claus reviewed several options, including automated code review to detect malicious code, and he opined that new offerings like Supply-chain Levels for Software Artifacts (SLSA) will offer many ways to prevent issues from occurring.
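The assembled-code model described above is where the automated checks Claus mentions have to run: each library block pulled into a build should be the one the developer reviewed, not something altered in transit. The following is an added example, not code from the podcast, Sev1Tech, or the SLSA project. It assumes a pip-style requirements file whose entries carry `--hash=sha256:` pins, plus the fetched artifacts keyed by package name, and it reports packages that are not pinned exactly, carry no hash, or whose artifact no longer matches the recorded digest. The package names and artifact bytes are constructed for the illustration.

```python
"""Dependency-integrity check for a pip-style lockfile.

Added example (not code from the podcast, Sev1Tech or the SLSA project).
It assumes a requirements file whose entries carry `--hash=sha256:` pins,
plus the downloaded artifacts keyed by package name, and reports packages
that are not pinned exactly, carry no hash, or whose artifact does not
match the recorded digest.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

_SPEC = re.compile(r"^([A-Za-z0-9_.\-]+)(==|>=|<=|~=|!=|>|<)?(.*)$")
_HASH = re.compile(r"^--hash=sha256:([0-9a-f]{64})$")


@dataclass
class Requirement:
    name: str
    version: str | None
    exact: bool                       # True only for "==" pins
    hashes: list[str] = field(default_factory=list)


@dataclass
class Finding:
    package: str
    problem: str


def parse_requirements(text: str) -> list[Requirement]:
    """Parse requirement lines; backslash continuations are joined first."""
    reqs: list[Requirement] = []
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("-"):     # skip options such as --index-url
            continue
        tokens = line.split()
        m = _SPEC.match(tokens[0])
        if not m:
            raise ValueError(f"unparseable requirement: {tokens[0]!r}")
        name, op, version = m.groups()
        hashes = [h.group(1) for t in tokens[1:] if (h := _HASH.match(t))]
        reqs.append(Requirement(name, version or None, op == "==", hashes))
    return reqs


def check_requirements(reqs: list[Requirement],
                       artifacts: dict[str, bytes]) -> list[Finding]:
    """Compare each requirement against the artifact that was actually obtained."""
    findings: list[Finding] = []
    for r in reqs:
        if not r.exact:
            findings.append(Finding(r.name, "version is not pinned with =="))
        if not r.hashes:
            findings.append(Finding(r.name, "no --hash=sha256 pin"))
            continue
        blob = artifacts.get(r.name.lower())
        if blob is None:
            findings.append(Finding(r.name, "artifact not available for verification"))
            continue
        digest = hashlib.sha256(blob).hexdigest()
        if digest not in r.hashes:
            findings.append(Finding(r.name, f"sha256 mismatch: got {digest[:12]}..."))
    return findings


# --- constructed sample data (hypothetical packages, not real PyPI projects) ---
GOOD_ALPHA = b"pretend wheel contents for libalpha 1.0.0"
GOOD_BETA = b"pretend wheel contents for libbeta 2.3.1"

SAMPLE_REQUIREMENTS = f"""
# constructed lockfile
libalpha==1.0.0 --hash=sha256:{hashlib.sha256(GOOD_ALPHA).hexdigest()}
libbeta==2.3.1 \\
    --hash=sha256:{hashlib.sha256(GOOD_BETA).hexdigest()}
libgamma>=0.9   # loose pin, no hash
"""

# What was actually fetched: libbeta differs from what the lockfile recorded.
SAMPLE_ARTIFACTS = {
    "libalpha": GOOD_ALPHA,
    "libbeta": GOOD_BETA + b"\n# unexpected extra content",
    "libgamma": b"anything",
}


def run_sample() -> list[Finding]:
    """Run the check over the constructed lockfile and artifacts."""
    return check_requirements(parse_requirements(SAMPLE_REQUIREMENTS), SAMPLE_ARTIFACTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.package}: {f.problem}")
```

On the constructed input the check reports three findings: the altered `libbeta` artifact fails its digest comparison, and `libgamma` is flagged twice, once for the loose `>=` pin and once for carrying no hash. Unparseable requirement lines raise rather than being skipped, since a check that silently ignores input it cannot read gives false assurance.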
Claus also welcomed the recent announcement of GitHub Copilot as an aid to software development.
Copyright © 2024 Federal News Network. All rights reserved.