Today we sit down with Jason Goetz, Senior Director, Public Sector, Snyk, to talk about securing software for the federal government.
When most people think of a supply chain, they think of a physical item. For example, a manufacturer in China makes a router and ships it to the United States. The impact of the supply chain has been made thoroughly apparent by COVID disruptions.
However, most software developers today do not start from a blank slate; they start by grabbing code from a code repository and assembling it like Legos. In many situations, they follow agile development precepts, iterate, and get feedback, but the code is completed without any security scan having been run. Inevitably, issues are found at the end, and the development team must go back to work.
During the interview, Jason Goetz suggests there is a better approach, which he calls “Shift Left.”
Software developers are famous for arguing over whiteboards about projects. This is so common that a new concept has been proposed that reflects the habit. For the mere mortals reading this, it means looking at all the boxes and circles on the whiteboard from the start rather than bolting on security at the end. The idea is to make security part of the project from the beginning: you shift to the left of the confusing boxes and circles on the whiteboard.
Snyk presents an intriguing way for the federal government to reduce costs and improve the security of large projects.
If you enjoyed this article, you may want to listen to Episode #4 Identity Management and Federal Systems.