[kenhwang]

Realistically, I'd like to see the government develop software and tooling to mitigate these concerns. They already do at a low level for cryptographic primitives (like SHA and RSA). Maybe they do the next couple abstraction layers up, a secure OS image that's regularly patched, a web server, a programming framework, etc.

Currently those layers are roughly provided by the big tech companies, and the government's involvement in making those more secure is PhD students and curious professors from (public) universities. It would be nice if that was a more directly employed org in the government.

[scottyah]

I could see this happening as the processes mature. The Air Force already has hardened repositories for containers etc and "Factory in a Box" type configurations that the Defense Industry is supposed to start adopting for new programs. It is really neat, though it's so low-level at this point that it won't make sense for small businesses to use it unless their underlying platforms like Shopify, Instagram, and Blogger do.

https://software.af.mil/dsop/services/