Chris Wysopal, co-founder and chief technology officer at Veracode, said government agencies should advance the adoption of software that is secure by design by educating developers and providing them with the tools they need to integrate security into every aspect of software development.
In an article published on Carahsoft.com, Wysopal wrote about agencies’ transition to zero trust and how the approach directs them to “shift from applying security at the end to thinking about security from the beginning and throughout the life cycle of an application, including how it is deployed and updated.”
He noted that as agencies adopt the DevSecOps approach, they are incorporating security into the software development process, particularly in the testing phase.
According to Wysopal, integrating application security into the automated testing process enables developers to detect and address vulnerabilities before fielding an application.
“Security that works well is transparent, which means it is running in the background on every build, and it’s inescapable,” he wrote.
“Vulnerabilities should be quickly detected, and the build should automatically stop until a mitigation plan is developed and implemented,” Wysopal added.
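The build gate described above, as an added example that is not code from Wysopal's article or from Veracode's products: a small CI step that reads scanner findings, fails the build on any high or critical finding, and lets a finding through only while an approved, unexpired mitigation plan is on record for it. The scanner output format, the mitigation register and all finding values are constructed for illustration.

```python
"""Build gate: fail a CI build on unmitigated high-severity findings.

Added example, not from Wysopal's article or Veracode's tooling. It assumes
a scanner emits JSON findings and that accepted mitigations are tracked in a
small register with an expiry date; both inputs below are constructed.
"""
import json
import sys
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed scanner output, as a CI job might read it from a results file.
SCAN_RESULTS = json.loads("""[
  {"id": "F-101", "severity": "critical", "rule": "sql-injection", "file": "api/orders.py"},
  {"id": "F-102", "severity": "high", "rule": "hardcoded-secret", "file": "config/settings.py"},
  {"id": "F-103", "severity": "low", "rule": "missing-csp-header", "file": "web/app.py"}
]""")

# Constructed mitigation register: a finding passes the gate only while an
# approved, unexpired mitigation plan exists for it (ticket id is made up).
MITIGATIONS = {
    "F-102": {"ticket": "SEC-0042", "expires": "2030-01-31", "plan": "rotate secret, move to vault"},
}


def is_mitigated(finding_id, mitigations, today):
    """True if an unexpired mitigation entry covers this finding."""
    entry = mitigations.get(finding_id)
    return entry is not None and date.fromisoformat(entry["expires"]) >= today


def gate_build(findings, mitigations, today, min_severity="high"):
    """Return (passed, blocking_findings). The build passes only when every
    finding at or above min_severity is covered by a current mitigation."""
    threshold = SEVERITY_RANK[min_severity]
    blocking = [f for f in findings
                if SEVERITY_RANK.get(f["severity"], 0) >= threshold
                and not is_mitigated(f["id"], mitigations, today)]
    return (not blocking, blocking)


if __name__ == "__main__":
    passed, blocking = gate_build(SCAN_RESULTS, MITIGATIONS, date.today())
    for f in blocking:
        print(f"BLOCKING {f['id']} {f['severity']} {f['rule']} in {f['file']}")
    # A non-zero exit stops the pipeline; the build stays red until mitigated.
    sys.exit(0 if passed else 1)
```

Because the gate runs on every build and exits non-zero, it is the "inescapable" check Wysopal describes; expiring mitigations keep accepted risk from becoming permanent.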
The Veracode executive stated that the Cybersecurity and Infrastructure Security Agency and the Office of the National Cyber Director highlight the importance of integrating security into the software development process.