It has officially been one year since the release of the Biden administration’s Executive Order on Cybersecurity, which outlines security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a software bill of materials for the open-source libraries in use so that known vulnerabilities are disclosed and able to be tracked in the future, among other things.
Most software today isn’t developed entirely from scratch. Instead, developers rely on a range of third-party resources to create their applications. By using pre-built libraries, developers don’t need to reinvent the wheel. They can use what already exists and spend time on proprietary code, helping to differentiate their software, finish projects quicker, reduce costs, and stay competitive. These third-party libraries make up part of the software supply chain.
In the past, responsibility for data privacy and security fell on non-development teams, like IT, security or compliance. But this is changing. Thanks to the adoption of cloud native technologies and trends like policy-as-code, developers are more focused on security than ever. According to the Styra 2022 Cloud-Native Alignment Report, over half of developers think their organization should enhance its data privacy efforts in the next 12 months.
Ready to secure government applications? Start with Zero Trust. Trust is the foundation of successful relationships. We want to trust our friends, companies, government, etc., and be trusted in return. But, sometimes mistrust better serves us. A few years ago, the cyber world adopted an approach to security known as trust-but-verify. A simplistic approach, it delivered innovative digital services to consumers – securely and efficiently.
Many companies look to CISOs or compliance teams to manage security throughout software development. But this practice usually keeps security considerations separate from developers. CISOs can assign security tasks to developers, but if developers aren’t thinking about security regularly, those tasks may be overlooked.
You might think of Star Wars as a movie reserved for geeks, but what if I told you that there are deep life lessons that can be applied to developer security practices? Get your lightsaber ready and prepare to dive into JavaScript security! Star Wars is an epic space-based film series written and directed by George Lucas that often needs no introduction. I’m a fan myself, and personally relate to many of the quotes shared by Jedi Knights in the movie series.
After a two-year hiatus, Datadog customer summits are back. And what better place to begin in-person again than in sunny Denver, Colorado!
Recently I shared with you our excitement about our agreement with TA Associates (TA) to make a significant growth investment in Veracode. I am pleased to share that the deal is now closed, opening up a tremendous new chapter in Veracode’s journey.
Securing modern-day production systems is expensive and complex. Teams often need to implement extensive measures, such as secure coding practices, security testing, periodic vulnerability scans and penetration tests, and protections at the network edge. Even when organizations have the resources to deploy these solutions, they still struggle to keep pace with software teams, especially as they accelerate their release cycles and migrate to distributed systems and microservices.
