Joel Krooswyk, federal chief technology officer at GitLab (Nasdaq: GTLB), said “open source developers take pride in their code” and that their commitment to security is reflected in their collaborative efforts to address vulnerabilities quickly.
“Neither corporate nor individual contributors want their names on code that has vulnerabilities. Therefore, fixes and patches are developed and submitted quickly into repositories,” Krooswyk wrote.
He noted that 2023 will be the year for government agencies to comply with mandates from the National Institute of Standards and Technology, Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency to ensure the security of the software supply chain.
“Agencies will be asked to institute security scanning and other testing, and they will be required to have software bills of materials and other attestation in place to verify that their vendors adhere to government mandates,” Krooswyk said.
He cited the need for agencies to adopt platforms and tools that could offer them comprehensive visibility into vulnerabilities in software or applications.
Krooswyk mentioned the role of visibility and traceability as a key principle of software development and noted that code quality testing, security scanning and fuzz testing are some of the activities that could help agencies ensure the security of their code.