Ron Ross

NIST exploring possible DevSecOps framework for agencies


The National Institute of Standards and Technology is currently gathering information on products developed using the organizational philosophy to eventually issue guidance normalizing the process.

NIST’s Ron Ross argues for sharing threat intelligence


Today's growing infrastructure means that adversaries have an "unlimited opportunity to do damage," Ross says, recommending agencies do more to share threat intelligence.

NIST issues draft guidance for securing legacy IT systems, more


Ron Ross, NIST fellow and one of the agency’s cybersecurity experts, spoke with CyberScoop about the needed update.

NIST drops ‘federal’ from cyber controls guidance


The move to remove the word “federal” from the title of its magisterial catalogue of cybersecurity and privacy controls is one of a series of proposed changes.

So, you’ve assumed compromise. Now what?


The once-radical notion that cyber defenders should assume hackers are already in their network is now conventional wisdom. But the implications of it are still taking hold, experts and officials said Thursday.

New approach needed to IT, says NIST’s top cyber scientist


No amount of security software, firewalls or anomaly detection systems can protect an IT infrastructure that's fundamentally insecure and to deal with the looming cybersecurity crisis, a new approach to computer architecture is required, the National Institute of Standards and Technology's top computer security scientist told the president's commission on long-term cybersecurity.