VA Launching Secure Software Assurance Program

Share

Written by

2011_09_jerrydavis

Think back 50 years and a stamp cost four cents, Alan Shepard had yet to reach space, and Bob Dylan was an unknown curly-haired kid from Minnesota trying to make it big.

It was also the early days of software development and some of the problems then, namely security vulnerabilities existing within the code, still existed and remain something industry continues to chase today.

And it’s something Veterans Affairs Chief Information Security Officer Jerry Davis is looking to change, at least within his agency, the best he can.

Davis told FedScoop that he is standing up a secure software assurance program in the government’s 2012 fiscal year (which starts next month) aimed at looking at the software code for all web applications (both consumer products and government-developed products) for common vulnerabilities.

“A lot of the programs are built around patch management, and I see that as treating the symptom and not the disease,” Davis said. “Our goal is to build it correctly from day one, so we can minimize the need for patches as much as possible.”

And while protecting information in computer applications is a major priority for Davis, so is mitigating information lost because of … paper?

“Oddly enough, we’ve found that a significant part of the identity information that is mishandled throughout the department comes from paper,” Davis said.

For example, an envelope-stuffing machine malfunctions and accidentally double stuffs an envelope, sending a military veteran’s information to someone else. Davis said the department is working hard to fix all such problems, working backward from all cases of identity mismanagement to find weaknesses in the system.

“There is no excuse for losing a veteran’s information,” Davis said.

He should know. Davis spent 11 years in the Marine Corps, serving in Desert Storm before entering government work (he previously worked as the chief of information security at the Department of Education and NASA before joining VA just over a year ago). He was notified in 2006 that his data had been lost when a an agency laptop went missing. He aims to not have that happen to any veteran, especially based on the mission of the agency.

“When I get up at 4:45 in the morning and sit on my bed thinking, ‘Man, I’m tired,’ it gives me motivation to work hard,” Davis said. “I know it sounds sappy, but that’s the attitude everyone has here.”

-In this Story-

CISO, Department of Veterans Affairs (VA), Departments, Jerry Davis, VA
TwitterFacebookLinkedInRedditGoogle Gmail