I’ve been banging on about two deeply unsexy aspects of infosec, threat modelling and asset management, for years but don’t see much traction. Every time I see advice like this from the US government I think, “Yes, but will they actually do it?”…:

[…] Per OMB’s mandate, agencies have or are in the process of identifying critical software. This is an opportunity for agencies to get a clear picture of applications and their attack surfaces – the sum of all potential entry points for unauthorized access into applications. Getting a complete picture isn’t always easy but starting here is what matters. Prioritize applications that connect to financial services, human resources, payroll and healthcare systems that have large amounts of user data.
