/may 4, 2020

Now Is the Time for Government Agencies to up Their AppSec Game

By Hope Goslin

When it comes to application security (AppSec), Forrester’s report, The State of Government Application Security, 2020,  establishes that the government sector is falling behind other industries. And given the nature and quantity of consumer information housed by government agencies, government applications are a prime target for cyberattacks. It’s no wonder only 18 percent1 of consumers are confident that the federal government is able to secure the personal data of its citizens.

On top of existing concerns related to the government’s security measures, recent global events should also prompt government agencies to evaluate their AppSec solutions. In the past few months, state and federal agencies have been tasked with collecting patient data related to the COVID-19 pandemic and creating new applications for the stimulus relief package. This influx of data is coming at a very vulnerable time – cyber attackers are taking advantage of the fact that IT systems and processes are stretched thin. But it’s not too late for governments to make a change. There are several best practices that, if implemented properly, can help them stay secure.  

Step one is implementing prerelease scans, like static analysis, to detect flaws earlier in the software development lifecycle and remediate faster. According to Veracode’s State of Software Security Industry Snapshot, most government agencies are only scanning their applications 12 times a year. As a result, government agencies have accumulated a significant amount of security debt. If they start scanning earlier, and more frequently, governments can find and remediate flaws faster and reduce their security debt.

Step two is embracing DevSecOps practices. With DevSecOps, security shifts to the beginning of the development process. This concept helps save time and money because security flaws and vulnerabilities are recognized and addressed prior to deployment. But embracing DevSecOps is not just about adding prerelease scans, it is about strategically implementing prerelease tools. For example, consider integrating the scans into the developers existing tools and processes and automating the scans. The easier it is for the developer to scan, the more applications will be scanned. And, given the current challenges our world is facing, having your scans automated ensures that your business won’t miss a beat. 

To learn more ways that government entities can better secure their software, download our webinar, The State of Government Application Security.  


1 Consumer Technographics® North American Healthcare Online Benchmark Recontact Survey 1, 2019 (US), Forrester Research, Inc.

Related Posts

By Hope Goslin

Hope is part of the content team at Veracode, based in Burlington, MA. In this role, she focuses on creating engaging AppSec content for the security community.