Ron Ross, a fellow at the National Institute of Standards and Technology, said that both the commercial and government sectors need transition into DevOps and DevSecOps-based approaches to strengthen national security, Fifth Domain reported Tuesday.
Ross told attendees at an Advanced Technology Academic Research Center-hosted event that industry should be a key partner in deploying new software development methods and ensuring that security controls are safe for implementation in U.S. systems.
“Give us some evidence that those security features are actually in place and doing what they’re supposed to do,” he said.
According to Ross, the private sector must be able to produce at the pace of the industry while integrating appropriate security capabilities into the agile development process.
He added that agencies must deploy a “holistic view” in cybersecurity to include methods like zero-trust concepts and other cyber resiliency approaches.
