David Egts, chief technologist for Red Hat’s North American public sector, has said federal agencies should assess open source code for cyber vulnerabilities prior to adoption.
Egts wrote in a Nextgov piece published Monday that agencies should monitor the open-source libraries and repositories that developers use to download the code, and deploy a code analyzer to detect memory corruption, resource leaks and other issues that could be leveraged by adversaries.
“Agencies can also participate in crowdsourced security initiatives designed to test the efficacy of their defenses and reinforce the notion that security must be taken seriously by everyone, including developers,” he noted.
He mentioned the Defense Department’s Hack the Pentagon and the Core Infrastructure Initiative Badge Program as examples of those initiatives.
Egts called on agencies not to circumvent “a rigorous procurement process that takes into account security hygiene and quality assurance” in order to protect their infrastructure from cyber threat actors.