Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Zero Trust Architecture: Best Practices Observed in Industry
Automating Infrastructure as Code with Ansible and Molecule
Identifying and Preventing the Next SolarWinds
A Penetration Testing Findings Repository
Understanding Vulnerabilities in the Rust Programming Language
We Live in Software: Engineering Societal-Scale Systems
Secure by Design, Secure by Default
Key Steps to Integrate Secure by Design into Acquisition and Development
An Exploration of Enterprise Technical Debt
The Messy Middle of Large Language Models
An Infrastructure-Focused Framework for Adopting DevSecOps
Software Security in Rust
Improving Interoperability in Coordinated Vulnerability Disclosure with Vultron
Asking the Right Questions to Coordinate Security in the Supply Chain
Securing Open Source Software in the DoD
A Model-Based Tool for Designing Safety-Critical Systems
Managing Developer Velocity and System Security with DevSecOps
A Method for Assessing Cloud Adoption Risks
Software Architecture Patterns for Deployability
ML-Driven Decision Making in Realistic Cyber Exercises
Create your
podcast in
minutes
It is Free