Government and industry executives said at a forum hosted by the Consortium for IT Software Quality (CISQ) that security management should be part of an organization’s software design and specifications, GCN reported Wednesday.
Michael Gilmore, director of operational test and evaluation at the Defense Department, told the CISQ event audience that federal agencies need to do more to protect applications against cyber-related threats.
Gilmore’s office found exploitable security flaws in many U.S. government systems that were evaluated during the past fiscal year, according to GCN.
“In our view, agencies did not need to wait until DOT&E found security issues; the flaws could have been found during software development,” he said at the CISQ event.
GCN reports that CISQ has developed an automatable method for software developers to monitor the security posture of source code and to predict whether a software technology is vulnerable to unauthorized intrusions.