Red Hat’s David Egts: Agencies Should Screen Open Source Code for Cyber Risks

David Egts

David Egts, chief technologist for Red Hat’s North American public sector, has said federal agencies should assess open source code for cyber vulnerabilities prior to adoption.

Egts wrote in a Nextgov piece published Monday that agencies should monitor open-source libraries and repositories that developers use to download the code and deploy a code analyzer to detect memory corruptions, resources leaks and other issues that could be leveraged by adversaries.

“Agencies can also participate in crowdsourced security initiatives designed to test the efficacy of their defenses and reinforce the notion that security must be taken seriously by everyone, including developers,” he noted.

He mentioned the Defense Department’s Hack the Pentagon and the Core Infrastructure Initiative Badge Program as examples of those initiatives.

Egts called on agencies not to circumvent “a rigorous procurement process that takes into account security hygiene and quality assurance” in order to protect their infrastructure from cyber threat actors.

You may also be interested in...

Seth Cutler CISO NetApp

NetApp’s Seth Cutler: AI Can Support Agency Data Security, Compliance Efforts

Seth Cutler, chief information security officer of NetApp, has said implementing artificial intelligence tools can help the public sector manage data protection, compliance and risks as agencies increase the pace of digital transformation projects to address cybersecurity threats.

Cybersecurity

DIU Taps CounterCraft to Help Deploy, Mature Threat Intell Prototype

The Defense Innovation Unit has awarded threat intelligence technology maker CounterCraft an other transaction agreement to mature the company’s counterintelligence tool in an effort to improve the protection of Department of Defense systems.

Palo Alto Networks

Palo Alto Networks Gets FedRAMP Approval for Three Data Security Products

Palo Alto Networks has added three cloud products to its suite of government-approved offerings under the Federal Risk and Authorization Management Program. The Palo Alto Networks Government Cloud Services now includes the Prisma Cloud, Cortex XDR and Cortex Data Lake platforms that have received moderate FedRAMP authorization with the help of the Federal Housing Finance Agency, the company said Monday.