Pete Chestna, Checkmarx CISO, on the Technologies Enabling a Continuous ATO

With software becoming increasingly essential to today’s government and military, and digital transformation initiatives among the highest priorities within the IT departments of government organizations, there is a strong desire across the government to develop and implement new applications quickly.…

Continuously Automate SAST in DevSecOps Pipelines with Checkmarx and Refactr

Development, Security, and DevOps teams often find themselves struggling between timely delivery, secure code, and automation. A lack of expertise in security automation and developing repeatable workflows leads to further delivery delays, undetected vulnerabilities, and increased friction amongst the teams.…

Interactive Security Testing, DevSecOps, and NIST SP 800-53 Rev. 5 with Checkmarx

The need for increasing levels of software security is becoming even more apparent as organizations migrate applications to the Cloud and adopt DevSecOps as part of their software development and operational processes. During this panel discussion, you will hear from…

Open Source Without the Risk – How the Government Can Secure the Software Supply Chain

Earlier this month Checkmarx participated in a Webinar featuring cybersecurity leaders from across the federal government and its private sector partners to discuss one of the largest cyber challenges facing agencies today – software vulnerabilities in the open source solutions…

Exploring the Cyber Risks of Microservices

As the need to develop applications more quickly – at the pace of innovation – has increased and as government agencies have looked to introduce more scalability into the application development process, software development teams have moved away from developing…

Everything-As-Code Everywhere All at Once

As software and applications have become more mission-critical across the government, the need to develop and deploy new solutions and capabilities to the workforce quickly has increased. The need to rapidly develop and deploy secure applications has given rise to…

DevSecOps, ATOs, and Segregation of Duties – Can These Things Coexist?

Government agencies and military organizations have historically placed barriers between the development and deployment of new applications – and for very good reason. When sensitive constituent data is on the line, it’s essential that these applications are secure. And, in…

How AI is improving constituent experience for the Maricopa County Clerk of the Superior Court

Artificial Intelligence (AI), machine learning, and other advanced applications have been revolutionizing customer experience and customer service within the private sector for a few years now. We’ve all seen conversational AI in action, with virtual assistants popping up in the…

Shifting Application Security Left Requires Changing Both Culture and Tools

In late August, the Advanced Technology Academic Research Center (ATARC) sponsored a Webinar in conjunction with Checkmarx and Invicti entitled, “Shifting Security Left with DevSecOps.” This virtual panel discussion featured prominent application development leaders and experts from both the government…

State Government Cloud Adoption Requires Cloud-Ready, Centralized AppSec

This article was originally featured on the Checkmarx blog. Click HERE to read the original article in its entirety. In a recent FedRAMP survey conducted by Maximus and Genesys 49 percent of state and local government respondents said most of their systems and solutions were…

 

 

 

We launched GovDevSecOpsHub to focus on the next evolution of application development, DevSecOps, which brings cybersecurity teams and tools into the development process sooner so that applications are more secure and safeguarded against cyber threats.

In  GovDevSecOpsHub we’ll look at the evolution from traditional software and application development to the DevOps model. We’ll talk about the importance of moving from DevOps to DevSecOps. We’ll highlight the technologies and cultural changes necessary to make this shift happen. And we’ll profile government organizations and executives that are the “boots on the ground” as the government pivots towards the DevSecOps model.