EMERGING TECHNOLOGY, CYBERSECURITY
Businesswire | May 02, 2023
Veracode, a leading provider of intelligent software security solutions, today announced its attainment of State Risk and Authorization Management Program (StateRAMP).
StateRAMP offers state and local government agencies a standardized approach toward compliance to help them improve their overall security posture. Veracode obtained FedRAMP authorization in July 2022, and this week’s authorization by StateRAMP reaffirms the company’s commitment to deliver cloud-based application security software to agencies at all levels of government—federal, state, and local.
“High-profile attacks and vulnerabilities are significantly impacting the software supply chain across industries, and state and local government is no different,” said Claire Bailey, Regional Vice President of Governmental Affairs at Veracode. “Agencies need capabilities that allow them to protect the application layer. This authorization enables Veracode to support evolving state and local government security requirements. We look forward to assisting the StateRAMP mission of improving the cyber posture of public institutions and the citizens they serve.”
Veracode’s intelligent software security platform provides comprehensive application-layer protection to reduce risk in today’s dynamic threat environment. The platform supports a range of current and emerging cybersecurity requirements and best practices, including:
Securing the software supply chain through capabilities such as the generation of a Software Bills of Materials (SBOM), which provides visibility into the open-source code components that are contained in a software product Integrating security into software development from the beginning of the process (‘shifting left’) Providing a developer-friendly user experience to integrate security into the software development life cycle Supporting cloud-native development and managing risk across the application portfolio Uniting security and development teams to address cybersecurity challenges
The StateRAMP authorization enables Veracode to support state and local agencies’ cybersecurity initiatives at a time of increased risk. A shortage of skilled IT security professionals has depleted the security teams of many state agencies, and Chief Information Security Officers report risks arising from persistent malware, ransomware, and phishing attempts, according to a recent National Association of State Chief Information Officers (NASCIO) survey.
Veracode’s recent State of Software Security 2023 report revealed that, over the last 12 months, more than 74 percent of applications contained at least one security flaw. Due to variation in the types of flaws that compromise application security, security teams should use a variety of scan types to discover elusive flaws.
Bailey added, “Security teams should have confidence in the options available to secure their cyber infrastructure and make their digital landscape a safer place overall. StateRAMP makes this goal much more attainable for state and local agencies. Veracode’s platform provides a single view of an organization’s security posture and compliance via powerful reporting and analytics, restoring confidence in the digital infrastructure of agencies.”
State and local agencies can access Veracode’s comprehensive software security platform—including static analysis, software composition analysis (SCA), dynamic analysis, pipeline scanning, eLearning, container scanning, API scanning, and infrastructure as code (IaC) scanning—on the StateRAMP Marketplace.
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means.
EMERGING TECHNOLOGY, INFRASTRUCTURE, CYBERSECURITY
Prweb | May 17, 2023
Leading IT transformation and cybersecurity provider Evolver, LLC has been re-awarded a contract from the U.S. Architect of the Capitol (AOC) to provide information technology support services, a role fulfilled by the contractor for more than a decade.
Under the five-year contract renewal, Evolver will continue a 12-year-old partnership that has witnessed fast-paced transformation in IT, with increased focus on security and business continuity amid a rapidly changing modern workplace. Evolver’s dedicated AOC team will continue to provide Service Desk Support, Cybersecurity Operations, Enterprise Architecture Solutions, Information Management Services, and Application Development in support of the AOC’s mission.
The AOC is a Legislative Branch Agency with more than 2,000 employees. The institution is charged with the maintenance, operation, development, and preservation of 17.4 million square feet of buildings and more than 550 acres of land throughout Capitol Hill. Evolver’s support of AOC staff involves the seamless integration of resources, ensuring the AOC’s 230 year-old-mission is fulfilled with 21st-century technology.
“Working with the Architect of the Capitol has been a fundamental cornerstone of our IT transformation history,” said Mike Santelli, CEO of CSS, Evolver’s parent company.
“As we’ve grown, we’ve built an incredibly focused, dedicated, and highly performing team who set the benchmark for our customer service standards. This contract renewal allows for a smooth transition into an even more transformational era of IT solutions.”
Evolver LLC, a Converged Security Solutions (CSS) company, headquartered in Reston Virginia, is a technology company serving government and commercial customers by addressing client challenges in the present and transitioning clients to the future through innovative IT transformation and cybersecurity services and solutions.
Founded in 2000, Evolver delivers mission-driven services and solutions that improve security, promote innovation, and maximize operational efficiency.
Businesswire | May 30, 2023
Tidelift, a provider of solutions for improving the security and resilience of the open source software powering modern applications, today announced that it has been awarded three U.S. government contracts worth over $3.5 million, and is expanding its public sector organization in response to increased demand for innovative solutions that help the U.S. government improve its cybersecurity supply chain risk management (C-SCRM) capabilities.
High-profile software supply chain vulnerabilities including Log4Shell and SolarWinds have dramatically increased attention on the need for improved software security, both in the public sector and beyond. In the U.S., this effort began in May, 2021 with White House Executive Order 14028: Improving the Nation’s Cybersecurity, and since then a variety of policy and legislative initiatives around cybersecurity have gained traction.
In September, 2022, the U.S. government’s Office of Management and Budget released memorandum M-22-18 on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 formalizes the guidance provided in the NIST Secure Software Development Framework and NIST Software Supply Chain Security Guidance documents as the government requirements for developing secure software, and mandates federal government agencies comply with these guidelines.
This memorandum sets aggressive deadlines for compliance with specific dates for both government agencies and organizations selling software to the government to comply with NIST guidelines. Among other stipulations, it requires that any organization selling software to the government must self-attest that their software is compliant with the NIST SSDF by June 2023 for critical software or by September 2023 for all other software.
More recently, the National Cybersecurity Strategy sets a new precedent for software security liability, with the government intending to hold software producers liable for damages caused by preventable security vulnerabilities and offer liability protections to organizations that can show they follow secure software development practices.
Tidelift awarded three U.S. government contracts worth over $3.5 million
In addition to efforts like those mentioned above, the U.S. government is increasingly investing directly in improving open source software security. Tidelift was recently awarded three separate innovation research awards as part of the U.S. government SBIR program. The SBIR program is designed to help U.S.-based businesses invest in their technical potential, while stimulating technology innovation and meeting specific research and development needs.
Through these SBIR Phase II awards, Tidelift is working with the Department of the Air Force and the Defense Advanced Research Projects Agency (DARPA) to help spur innovation in the systems and processes the U.S. government uses to improve open source software security and cybersecurity supply chain risk management. This investment will help Tidelift expand its industry-leading open source software management solution, including increasing its ability to partner with even more open source maintainers to validate their components meet important security, maintenance, and licensing standards required by government and industry users, and pay these maintainers for this critical work.
It will also help the U.S. government better address the requirements and deadlines emerging from Executive Order 14028, memorandum M-22-18, and the NIST Secure Software Development Framework, especially when it comes to the open source components in use in government applications. Tidelift is also helping address new requirements around software bills of materials (SBOMs) that U.S. government agencies are beginning to understand, interpret, plan for, and deploy. Along with Tidelift producing an SBOM from every application build, the company is actively working upstream with open source maintainers to validate and improve security, maintenance, and licensing metadata for their projects and capture this data using the TACOS (Trusted Attestation and Compliance for Open Source) attestation framework.
"The United States Air Force, and the Government as a whole, are among the largest consumers of open source software. With the increasing requirements around Software Supply Chain Risk Management (SCRM) and Software Bills of Materials (SBOM) initiatives, we are excited to partner with Tidelift to enhance cybersecurity resilience outcomes for open source software dependencies that support our most critical work," said Robert "Devo" DeVincent, Chief Software Officer, Air Force 309th Software Engineering Group.
Tidelift expands public sector organization to meet growing demand
Tidelift has named Matthew Arnow, a long-time veteran of Tidelift, to lead the newly expanded public sector team. Matthew heads up the team with extensive experience working with government and public sector clients.
“Tidelift looks forward to working more closely with our government and public sector customers and prospects to improve the resilience of our mission-critical open source infrastructure,” said Matthew Arnow, head of public sector for Tidelift. “Our unique approach of working directly with the maintainers behind thousands of important open source projects will help public sector customers comply with U.S. government security directives and meet necessary government and industry standards.”
Tidelift partners with Carahsoft to support public sector expansion
Tidelift has also partnered with Carahsoft, the leading government reseller partner, to help more quickly and effectively address the number of large public sector opportunities.
“Over the past year, we’ve seen increased demand from our customers for solutions that help improve open source software security and supply chain resilience,” said Natalie Gregory, vice president, Carahsoft. “We look forward to working with Tidelift and our reseller partners to deliver open source software supply chain risk management solutions to our government customers.”
Tidelift, a 2022 Gartner Cool Vendor, helps organizations effectively manage the open source behind modern applications. Through the Tidelift Subscription, the company delivers the tools, data, and strategies powering an inclusive and organization-wide approach to improving the health and security of the open source software supply chain. Tidelift enables organizations to move fast and stay safe when building applications with open source, so they can create more incredible software, even faster. https://tidelift.com/