11 days ago: SBOM Integration in CI/CD Pipelines Enhances Software Security
The adoption of Software Bills of Materials (SBOMs) in CI/CD pipelines enables continuous monitoring and vulnerability management. This trend signals a growing market for advanced SBOM automation tools, presenting contractors with enhanced procurement opportunities in software supply chain security.
16 days ago: Emerging Miasma-Style Supply Chain Attacks Demand Urgent Cybersecurity Solutions
The rise of Miasma-style supply chain attacks poses a significant cybersecurity threat targeting AI developer environments. Government agencies and contractors must adapt their security measures to protect these AI coding environments from vulnerabilities associated with this new threat vector.
18 days ago: U.S. Army Introduces Innovative Mortars App for Enhanced Fire Control
The U.S. Army has launched the Mortars App, revolutionizing fire control for mortar crews. This move reduces reliance on outdated technology, offering contractors opportunities in software and mobile app development for military applications.
18 days ago: Government Focuses on Vendor Compliance with ISO 27001 Security Testing Standards
The government is closely examining vendor adherence to **ISO 27001:2022**, specifically focusing on **Control 8.29**. This mandate requires comprehensive risk-based security testing integrated into the software development lifecycle, influencing procurement strategies and vendor selection in government contracts.
26 days ago: San Francisco Awards $6.5M Contract Renewal for PermitSF Software Development
San Francisco has renewed its contract with OpenGov for $6.5 million to enhance its PermitSF software, following previous contract challenges. This renewal reflects the city's commitment to modernizing its permitting process, despite past performance issues and delays.
29 days ago: South Korea's Task Force Aims to Revise AI Software Pricing Models
The Ministry of Science and ICT in South Korea is launching a Task Force to revise AI and software pricing models to better reflect technological advancements and rising hardware costs. This initiative aims to support innovation in public IT procurement and provide opportunities for vendors in the sector.
36 days ago: Socket Secures $60M to Bolster Software Supply Chain Security
Socket has closed a $60 million Series C funding round to enhance its software supply chain security capabilities. This funding reflects the urgent need for government agencies and contractors to secure open source software and mitigate rising cybersecurity risks, particularly as AI advances in software development.
45 days ago: Recent Supply Chain Attacks Highlight Need for Enhanced Cybersecurity Solutions
Recent cyberattacks targeting software development pipelines pose significant risks for government contractors. Procurement professionals must prioritize advanced security solutions that integrate runtime monitoring and pipeline integrity checks to counteract vulnerabilities in CI/CD environments, ensuring compliance with emerging cybersecurity standards.
53 days ago: Department of War Accelerates Software Modernization Through Agile Contracting
The Department of War is enhancing software procurement with initiatives like Software Factory 2.0 and Operation StormBreaker, set to transform acquisition processes. The U.S. Army's transition to the Army Contract Writing System (ACWS) aims to streamline contracting through an Agile approach, improving speed and efficiency in software delivery.
59 days ago: Supply Chain Attack Exposes Vulnerabilities in GitHub and PyPI Packages
A supply chain attack exploited a GitHub Actions vulnerability, leading to a malicious release of the elementary-data package on PyPI. This incident highlights critical procurement implications for government agencies and contractors regarding software supply chain security and dependency management.