The Department of Defense’s Office of the Chief Information Officer is considering an update to DOD’s DevSecOps guidance in light of recent cyber attacks, The Cyber Edge reported Wednesday.
“We published more than a year ago some DevSecOps guidance where we identified a set of required and preferred activities for what should be incorporated in the DevSecOps pipeline,” Rob Vietmeyer, chief software officer for the deputy CIO for information enterprise within the Office of the DOD CIO, said during a panel discussion at a Honolulu conference this week.
“We’re now re-looking at that given some of these attacks and trying to update our guidance to help people navigate through some of these mechanisms because it is a complex environment right now,” he added.
Aaron Weis, managing director of Google Public Sector and a four-time Wash100 awardee, joined Vietmeyer during the panel discussion, citing the limitations of the Risk Management Framework (RMF) when it comes to addressing cyberthreats.
“RMF is proof positive of why this kind of mindset shift, in terms of left of boom, intercepting these bad code injections into a pipeline are so critical. And it’s never going to be addressed through RMF, right? There’s no amount of spreadsheets and checklists that are going to overtake the dynamic nature of the problem that we’re trying to solve for,” said Weis, who is also former CIO of the Department of the Navy.