Federal cybersecurity boondoggle: the Software Assurance Marketplace (SWAMP)

Way back in February, I wrote a blog about President Obama’s proposed Cybersecurity National Action Plan (CNAP). As part of this plan, the President called for $19 billion for cybersecurity as part of the 2017 fiscal year federal budget, a 35% increase over 2016 spending. 

While CNAP has a lot of thoughtful and positive proposals, I’m troubled by the fact that federal cybersecurity programs seem to have a life of their own with little oversight or ROI benefits. I often cite DHS’s Einstein project as an example of this type of government cybersecurity waste. In my humble opinion, the feds are spending hundreds of millions of dollars on custom research and development for Einstein when commercial off-the-shelf (COTS) network security products could do the same job at a fraction of the cost.

Topics: Cybersecurity, DHS, software assurance, software assurance marketplace

Software Development: Still Lacking Strong Security

Large organizations are buying next-generation firewalls, advanced malware detection/prevention systems, encryption software, and new types of security analytics tools. On balance, this is a good thing as they add more layers of defense to networks and host computers.

Topics: Microsoft, Information and Risk Management, Enterprise Software, Security and Privacy, SANS, Veracode, software assurance