My experience is admittedly entirely from the IC side before I came to Platform One last year. And yes, when it came to ground processing and dissemination of geointelligence products, we absolutely did prove we were…
The only truly intractable problem I don't see a way around is the interagency nature of some of the requirements. In many cases, they aren't really requirements in the sense of being formally written down anywhere.…
Honestly, best of luck, but it's mostly to do with PKI. The DoD PKI office won't issue code signing certificates for NPE users, so artifact provenance assurance either can't be automated, which means it can't be scaled,…
The issue with FIPS compliance is with Anchore. It's actually fixed in 10.2, but that version is not yet in Iron Bank, so delaying deployment to IL5. The issue with Iron Bank itself is a lot more structural. We report…
Military radio transmissions are encrypted using hardware-loaded pre-shared keys that never go over a network and are stored in guarded arms rooms behind many fences and thick concrete walls on military installations.…
I'm not at all trying to crap on Etsy. I'm just saying these stories about industry leaders that are deploying to prod 100,000 times a day are able to do this because they own applications that can break and it's not…
Yeah. I aint saying who I am, but I'll anonymously corroborate this. Nic had a lot of good ideas, but he micromanaged the hell out of low-level product decisions, forced us to use specific broken products that made me…
Two notes on this: 1) If the military gets it right with anything, it's encryption. This isn't connecting to the aircraft over the Internet using Verisign PKI. You're not gonna man-in-the-middle inject your own code…
I feel Nic's pain. Here is the original article about the talk he gave before leaving: https://www.airforcemag.com/air-force-leadership-chief-softw... > One of Chaillan’s main concerns is incorporating security into…
It's not explained, but I know exactly what he means. We mandate that development teams and integrated product teams have to use agile methods, but the procurement process itself is inherently not agile. Contracts come…
My experience is admittedly entirely from the IC side before I came to Platform One last year. And yes, when it came to ground processing and dissemination of geointelligence products, we absolutely did prove we were…
The only truly intractable problem I don't see a way around is the interagency nature of some of the requirements. In many cases, they aren't really requirements in the sense of being formally written down anywhere.…
Honestly, best of luck, but it's mostly to do with PKI. The DoD PKI office won't issue code signing certificates for NPE users, so artifact provenance assurance either can't be automated, which means it can't be scaled,…
The issue with FIPS compliance is with Anchore. It's actually fixed in 10.2, but that version is not yet in Iron Bank, so delaying deployment to IL5. The issue with Iron Bank itself is a lot more structural. We report…
Military radio transmissions are encrypted using hardware-loaded pre-shared keys that never go over a network and are stored in guarded arms rooms behind many fences and thick concrete walls on military installations.…
I'm not at all trying to crap on Etsy. I'm just saying these stories about industry leaders that are deploying to prod 100,000 times a day are able to do this because they own applications that can break and it's not…
Yeah. I aint saying who I am, but I'll anonymously corroborate this. Nic had a lot of good ideas, but he micromanaged the hell out of low-level product decisions, forced us to use specific broken products that made me…
Two notes on this: 1) If the military gets it right with anything, it's encryption. This isn't connecting to the aircraft over the Internet using Verisign PKI. You're not gonna man-in-the-middle inject your own code…
I feel Nic's pain. Here is the original article about the talk he gave before leaving: https://www.airforcemag.com/air-force-leadership-chief-softw... > One of Chaillan’s main concerns is incorporating security into…
It's not explained, but I know exactly what he means. We mandate that development teams and integrated product teams have to use agile methods, but the procurement process itself is inherently not agile. Contracts come…