“Before any lines of code are written, the software development and application security teams should work together to establish a risk-based policy that features a shared vision of high-quality, secure software,” Miller wrote.
He noted that agencies should embrace dynamic, static and interactive application security testing, as well as application programming interface (API) security testing, to automate security testing of their mobile apps.
“Running automated assessments on every code commit and every push or pull request will encourage adoption and enable further continuous testing,” he added.
Miller said agencies could also partner with companies that offer automated and manual app testing, and discussed the potential benefits to agencies of continuous app monitoring.
Amid increasing software supply chain attacks, Miller also called on agencies to require a software bill of materials (SBOM) for the mobile apps they develop and for those employees use on agency-issued devices.
“Furthermore, a dynamic SBOM can show the geolocations of API and network connections, which can help agencies know when an application connects or shares data with foreign countries,” he added.