Rapid software development in the federal government


Years ago, software developers wrote code by hand, methodically and line by line. This was time-consuming and prone to errors. Today's development method entails grabbing prewritten blocks of software from libraries and combining them with old-fashioned handwritten code. Some experts estimate that 70%-80% of code is not developed but assembled. Some would call this method a supply chain for software.

Janek Claus, director, Application Development, Sev1Tech

The problem is that malicious code can worm its way into the software libraries that are used, and the libraries bring their own defects along with them. Jeff Williams, founder of Contrast Security, states that on average, applications contain over twenty-six serious vulnerabilities each.

This observation has not been ignored by the people at the White House. Executive Order 14028, Improving the Nation's Cybersecurity, devotes a section (Section 4) to enhancing the security of the nation's software supply chain.

Janek Claus is the director of Application Development at Sev1Tech, and he offered some remedies for this significant issue when he joined host John Gilroy on this week's Federal Tech Talk. Claus reviewed several options, including automated scanning of code for malicious content, and he opined that new frameworks like Supply-chain Levels for Software Artifacts (SLSA) will offer many ways to prevent issues from occurring.

Claus also welcomed the recent announcement of GitHub Copilot as an aid to software development.


Federal Tech Talk

TUESDAYS at 1:00 P.M.

Host John Gilroy of The Oakmont Group speaks the language of federal CISOs, CIOs and CTOs, and gets into the specifics for government IT systems integrators.