An Introduction to Continuous Software Engineering

If you have read my other articles, I hope you can sense my passion for enabling continuous software engineering practices. This should be no surprise coming from a co-host of the ContinuousX Podcast series. I believe that if a process…

DevSecOps, ATOs, and Segregation of Duties – Can These Things Coexist?

Government agencies and military organizations have historically placed barriers between the development and deployment of new applications – and for very good reason. When sensitive constituent data is on the line, it’s essential that these applications are secure. And, in…

Is a cATO Possible in Today’s Military?

In the last episode of the ContinuousX Podcast, hosts Rick Stewart and Michael Fitzurka of DLT were joined by Kaitlin Bulavinetz, the Chief of Staff to the Chief Software Officer of the United States Air Force, to talk about enabling…

Kaitlin Bulavinetz Discusses the Cultural Changes Needed to Embrace DevSecOps in the Air Force

The benefits of shifting from a traditional “waterfall” approach to application development to a DevSecOps approach to application development have been well documented – including in the GovDevSecOpsHub. Ultimately, by shifting security left in the development process, application development teams…

Three Steps for Accelerating the ATO Process

This article originally appeared on the Checkmarx blog. Click HERE to read the original in its entirety. An ATO or Authority to Operate is an authorization process that a software system needs to have before the agency can use it…

Developer Spotlight – Kessel Run Makes Air Force History

Last month, the Air Force Life Cycle Management Center (AFLCMC)’s Detachment 12, which is better known by its Star Wars-inspired operational name – Kessel Run – announced that its Kessel Run All Domain Operations Suite (KRADOS) would be operationally utilized…

Poll: Agency ATOs, DoDIN APL, or FIPS 140-2 – what drives your COTS software decisions?

To foster faster, more secure application development, many government organizations have turned to a new generation of application development platforms and commercial off the shelf (COTS) solutions designed to automate testing, bake security into every aspect of the development lifecycle…

Everyone Into the Platform One Pool!

The Air Force wants to open its Platform One services to private sector partnerships with the hope of tapping into a consortium of academic and industry organizations to enhance its coding environment. Platform One is an environment provisioned by the…

Security as Code — Making Application Development Faster and Safer

Right in the middle of the holiday season, as much of the world was preparing to take some deserved time off to celebrate with their families and bid 2020 a less-than-fond farewell, some terrible news broke involving a number of…

From “Trust but Verify” to “Never Trust” – the Importance of AST in application development

In our last article on the GovDevSecOpsHub, we sat down with Peter Archibald, the Regional Sales Manager for DoD and FSI sales at Checkmarx, and Jeff Ingram, a DoD Regional Sales Manager at Checkmarx, to discuss the inclusion of the…

 

 

 

We launched GovDevSecOpsHub to focus on the next evolution of application development, DevSecOps, which brings cybersecurity teams and tools into the development process sooner so that applications are more secure and safeguarded against cyber threats.

In  GovDevSecOpsHub we’ll look at the evolution from traditional software and application development to the DevOps model. We’ll talk about the importance of moving from DevOps to DevSecOps. We’ll highlight the technologies and cultural changes necessary to make this shift happen. And we’ll profile government organizations and executives that are the “boots on the ground” as the government pivots towards the DevSecOps model.