Get Full Government Meeting Transcripts, Videos, & Alerts Forever!
N.D. IT agency seeks $3 million ongoing for code-scanning tool after large vulnerability run
Summary
North Dakota Information Technology (NDIT) told a Senate committee that last biennium—unding reduced thousands of vulnerabilities but advocates ongoing investment, including a $3 million ongoing request to deploy Static Application Security Testing (SAST) to catch application code flaws earlier.
NDIT officials told the Senate appropriations committee that a mix of staffing, process and technology investments funded last biennium reduced a large backlog of vulnerabilities but that application security remains a persistent, growing challenge.
"Last year our teams were able to patch 596,000 system vulnerabilities, and in addition to that, we also remediated 326 application vulnerabilities," Chris Gergen, Director of Cyber Operations at North Dakota Information Technology, said in testimony. He said application fixes require code changes, testing and quality assurance and therefore take far more developer time than system patching.
The agency reminded lawmakers that the 2023 biennium included a $1 million appropriation for vulnerability reduction. NDIT used that money across people, process and technology: contractors to remediate agency applications, a Guidehouse consulting engagement to…
Already have an account? Log in
Subscribe to keep reading
Unlock the rest of this article — and every article on Citizen Portal.
- Unlimited articles
- AI-powered breakdowns of topics, speakers, decisions, and budgets
- Instant alerts when your location has a new meeting
- Follow topics and more locations
- 1,000 AI Insights / month, plus AI Chat
