DevSecOps has the power to set a new standard for the way the DOD -- and the rest of the federal government -- executes work.
Crisis situations like this one can induce the fog-of-war and lead to tradeoffs during remediation. While we may not know the full extent of the damage for some time, as is always the case in an event like this, we need to stop the bleeding. We must not afford the adversary an easy path to more information.
The passage of the IoT Cybersecurity Improvement Act of 2020 means that NIST will start to address the gap in post-market guidance to help organizations adequately address newly discovered vulnerabilities in devices already on their networks.