Closing the Software Understanding Gap www.cisa.gov/sites/def…
Today, mission owners and operators lack adequate capabilities for software understanding. These deficiencies stem from the software understanding gap—when technology manufacturers and developers build software that greatly outstrips their ability to understand it.
The outcome of this software understanding gap is an inability to effectively create software without defects, remediate them once discovered, maintain software at the speed and scale of mission relevance, and secure it against exploits. These types of outcomes are routinely seen in incidents of national significance, such as the 2021 pipeline disruption by ransomware, the 2021 SolarWinds Orion supply chain compromise, and Volt Typhoon’s and Salt Typhoon’s targeting of U.S. critical infrastructure and telecommunication systems.