Question: whats better than project management?

Answer: Invisible real-time data-driven project management, thats what.

Holy Land and US-based LinearB plays in this arena and the company insists that its not focused on intelligence software delivery, as such, its core gambit is Software Delivery Intelligence.

The companys cheeky usage of CAPS to brand a discipline that we already know is meant to tell us that its tools help ship software in a different way.

Correlating Git and project management data, LinearB delivers dashboards, reports and real-time alerts the details how teams actually work this is meant to predict and eliminate project delays caused by all the bad (code) stuff.

What constitutes bad code stuff then?

The company says that traditional project management tools are good for planning, but they dont add value once dev teams start building.

Why is LinearB so keen to diss traditional tools?

Because, says LinearB, those older tools are unable to understand progress without manual status updates and fail when it comes to developer-specific work happening in branches, pull requests and releases.

Something is broken with how software projects are delivered. While Git and CI/CD tools have adopted a dev-first approach, project management and engineering efficiency tools have a top-down mindset and actually make life harder for developers, said Ori Keren, co-founder and CEO of LinearB.

Dev teams need tools that live in their workflow, reduce manual work and help them focus on building and improving. Think of Software Delivery Intelligence as Git correlation and reconstruction technology that makes project management updates redundant, with team metrics and operational insights built-in, he added.

Keren and team insist that traditional efficiency & value stream tools miss the target of opening the engineering black box because the metrics are not actionable.

They also fail to gain adoption within the team because of their Big Brother cultural impact effect and the temptation to use executive dashboards to micromanage dev team activities.

LinearB automatically constructs and visualises detailed progress timelines for open project issues with zero manual inputs and synchronises updates to project systems eliminating developer interruptions.

The platform automates the collection and display of team and project performance data that typically takes data engineers hours to compile manually.

Developers get insight about their work where they live in Slack and Git, dev team leads get clear visibility from the first-ever project board with a full Git activity timeline for every issue and engineering VPs get actionable team-based metrics that help daily improvement.

LinearB flags which teams and projects need help so dev leaders know where their time and attention can do the most good each day. Teams are alerted in real-time to project risks, delays and dependencies so they can course-correct and deliver more features faster, notes Keren.

As a closing assertion, LinearB claims that metrics are now the language of business leaders.

As such, LinearB visualises the most important team-based metrics like Cycle Time to help translate engineering to non-technical executives.

The company also provides data-driven dashboards for stand-up, retro, sprint planning and release planning meetings ensuring conversations are fact-based and time is used efficiently.

This is real-time visibility into projects without the need for manual updates, interruptions or status meetings, empowering hybrid remote teams to work asynchronously and that reality (if nothing else in 2020) is pretty real.

Go here to read the rest:

LinearB offers A-line to kill off bad code - ComputerWeekly.com

The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world rightfully so. While security leaders guide their companies to respond, there's some generalized advice for the vendor world about this.

Attackers Continue To Exploit Product Security Weaknesses

Throughout 2020, product security failures have happened month after month, but most focused on consumer-facing products and services. Enterprise B2B vendors didn't get quite as much attention, but the scale balanced out with the SolarWinds breach.

Companies competing with SolarWinds on providing important infrastructure, monitoring, and security products and security vendors should focus on the following:

Poor product security efforts risk market share for B2B firms. Forrester has a body of research around product security, which provides extensive guidance on how to establish or improve your product security initiatives. Expect this to become a major focus of procurement and legal teams as a result of this breach.

Vendors should NOT use the SolarWinds breach as a marketing opportunity. Attempting to exploit the misfortune of others never makes a company look good, and in the cybersecurity industry, everyone knows that today it might be them, but tomorrow it could be you. Ambulance chasing, dunking on, or victim shaming is not just in poor taste. It's deplorable and won't win clients over. FireEye exhibited tremendous transparency as a result of its breach and was able to also provide one of the first detailed technical write-ups on the SolarWinds incident.

Even a security-mature software supplier could have missed this. To identify security flaws in their supply chain, top software organizations regularly run software composition analysis to identify vulnerabilities in open source components, and they use code-signing certificates to assure the integrity of supplied code. Neither approach would have discovered this attack the malicious code was not in an open source library, and the compromised DLL (dynamic-link library) was signed by a valid (albeit compromised) certificate. Don't equate susceptibility with a lack of security maturity.

SolarWinds' degree of transparency with its customer list might need to change. SolarWinds was large and prominent enough that it was an attractive target for attackers without mentioning customer names. But the customer page on its website went as far as listing all five branches of the US military, all 10 large US telecoms, and the top five accounting firms as clients. That doesn't mean any of those organizations are caught in the breach, but it does mean attackers have some idea of the value of SolarWinds as a target if they are successful. Third-party risk management, legal, and procurement will likely force CISOs to reevaluate if they want to be listed in the future.

To understand the business and technology trends critical to 2021, download Forrester's complimentary 2021Predictions Guidehere.

This post was written by Principal Analyst Jeff Pollard, and it originally appearedhere.

Read more from the original source:

The SolarWinds and US government breach is not a marketing opportunity - ZDNet

Itoco Inc., a Bio Tech development, production and distribution company, announced that its patent-pending, biometric Immutable Virus Test Result Verification System is now available as an open-source repository on GitHub. The system was recently deployed via blockchain Smart Contract.

Through the open-source code, users can view the code and verify the exact functionality. Potential partners or customers will have transparency of how their data is being used, for example, what is being retrieved from the blockchain. Mobile application users can verify that the only data used is a hashed public key combination of the blockchain wallet and user biometric, but not the patients raw biometric or any personally identifiable information (PII).

The publicly available Smart Contract, written in the Solidity smart contract programming language for Ethereum, allows Itocos partners and customers to verify exactly how the blockchain is being leveraged as part of the overall system.

The Smart Contract is made up of several functions; users may be added to the blockchain as a combination of their hashed biometric public key and blockchain wallet address. This means they can have immutable test results associated with them. However, a user must first be added before they can have immutable test results recorded for them. The combination hash is first submitted by the user using the mobile application and then processed by the administrative application.

Another function is adding verified test machines to the blockchain using their blockchain wallet address. A test machine must first be added by the administrative application to the blockchain before it can write test results to the blockchain.

Immutable test results are also able to be added to the blockchain. An immutable test result consists of the test results and associated details, along with updated user details with testing status and the latest test results, the company says.

Other components of the Immutable Virus Test Result Verification System are the administrative application and the integrated virus test machines, which can communicate with this Smart Contract.

World Health Access launches digital vaccination record

The release of a patented technology service to provide COVID-19 vaccine verification booklets and cards was announced this week by World Health Access, a subsidiary of International Health and Wellness LLC.

The VAX Passbook and VAX Passcard will utilize Reel Code Media (RCM) patented technologies, including biometrics, and have been designed to ultimately include all vaccination records of the user. This record will show the chronological history of testing whilst confirming the tests and vaccinations the owner has obtained.

VAX Passbook is a vaccination record booklet that consists of a document confirming all received vaccinations. VAX Passcard provides a similar document but in the form of a credit card-like tool. The Passbook utilizes patented technology to maintain security and privacy of the user and the RCM Frame is programmed to only be accessed by assigned administrators including educators, employers, government agencies, travel authorities and medical/healthcare/insurance providers. The Passcard enables user authentication with embedded fingerprint biometric technology.

The development of these technologies follows some reports that a proof of COVID-19 vaccination may be required for future international travel, company Daon is among those that have already developed an app with this in mind.

access management | biometric cards | biometrics | digital identity | fingerprints | identity verification | Itoco | World Health Access

Originally posted here:

Itoco and World Health Access launch biometric IDs for vaccination verification - Biometric Update

As theymove into DevOps, teams often get advice on how to integrate security and quality-assurance (QA) testing into the development process. The advice is sound; surveys have measured which development processes and security habits are shared byelite, mature DevOps teams.

However, what is often missed in application security is how companies can push their programs after the initial forays into more mature territory to build a resilient software and development pipeline.

Successfully growing security and QA programs continues to be difficult. While a well-executed DevOps program can reduce the complexity of software-security and QA processes, orchestrating agile approaches has grown more complex overall. That's one of the top-level takeaways fromthe World Quality Report 2020-21.

Here are recommendations for transitioning from the simple security and QA tests produced by siloed experts to a more resilient integrated approach that will give your development teams a smoother path to maturity.

Companies should focus on people first, and then process and tools. Getting developers and security teams on board with integrating testing into the development and deployment pipeline is critical.

A significant factor in growing security maturity in any software development environment is sharing responsibility between the developers and the security team. Moving more security and quality tests into the development processthat is, "shifting left"and automating those tests are the two most significant ways that companies are speeding up their agile software pipelines, with 52% and 51% of companies almost always taking these approaches respectively, according to the 2020-21 World Quality Report.

Working together is important, because most organizations tend to have only one or two application security professionalsworkers who often have other responsibilities. Yettwo-thirds of respondents focused on the technology stack as essential or very importantthe top aspect, according to the World Quality Reportwhile culture and talent were the least important factors.

A security champion programcan help these companies focus on the people and build bridges between security and development. When the people work together and are knowledgeable, other considerations such as the technology stack and executive support will often take care of themselves.

Organizations that are starting out often just have simple test suitesread lintersthat conduct static checks during development or at code check-in. With most mature application security programs, the teams work with developers to push more testing into the process, yet with the realization that too much testing can slow down development.

The more complex tools used by mature organizations, however, can overwhelm less mature developers and security teams. Rather than lure developers to code more securely, more complex tools often deter security.

For that reason, once a company has integrated simple quality and security tests, the development teams should try to tackle specific classes of vulnerabilities, such as SQL injection and cross-site scripting. The most common vulnerability classes, such as the OWASP Top 10, can be detected by manytools out there, many of which are open source.

In the end, the way to move forward is to not bite off more than you can chew. Your team should not try to solve every vulnerability, but pick one or two classes and start there.

Companies believe that they have enough automation, with about two-thirds of respondents to the World Quality Report answering that they had the required automation tools and enough time to build automation tests. However, an average of only 15% of tests were automated, and only 3% of companies automated more than 20% of tests, according to respondents.

Well-implemented automation leads to more secure and resilient code, since testing takes less time, can cover more software, and can lead to better detection of defects. Despite recognizing this, companies continue to underfund testing, according to the survey.

Given the importance in automated testing to prevent avoidable defects from creeping into code, automationmore than any other factorwill help your development and security teams become more mature and produce more resilient code.

Just like your first car should not be a Lamborghini, trying to move too quickly to high-performance and complex testing environments will result in problems. With these best practices you can scale up your development with a more resilient, longer-term approach.

See the rest here:

World Quality Report: 3 ways to build more resilient code - TechBeacon

When it comes to?application?security (AppSec),?most experts recommend using?Dynamic Application Security Testing?(DAST)?and?Static Application Security Testing?(SAST)?as ???complementary??? approaches for robust AppSec. However, these experts rarely specify?how?to run them in a complementary fashion.?

At Veracode, we use SAST, DAST,?SCA,?and?pen?testing as the?four?pillars of our?defense?in-depth?strategy to deliver a ???secure-by-design??? AppSec methodology across the entire?software?development?life?cycle.??

Most organizations start their AppSec journey by running?manual?penetration?tests?(MPT).?Penetration testing is necessary to catch vulnerability classes,?such as authorization issues and business logic flaws,?that cannot be found through automated assessments alone. Expertly trained pen testers?can?review?an entire?environment,?rather than just the application,?and can?follow or break the workflows in a way that is difficult for?automation to replicate.?Additionally, pen testing is required?to comply with regulations such as?PCI DSS, HIPAA, GLBA, FISMA, and NERC CIP.?

However,?pen?testing is only one assessment type and can bottleneck development?velocity?because it is a manual process.??

Dynamic?application?security?testing?(DAST)?is?an AppSec assessment that?scans all applications and interconnected structures in a running environment without looking deeply into source code. The results of ???outside-in????dynamic?scanning?help prioritize?the remediation of?exploitable vulnerabilities?and immediately reduce AppSec risk as they are fixed. However, it can be challenging to pinpoint the?exact?line of code to?work on?using only DAST.?This assessment on its own is limited by the configuration of your scanner and what you choose to test. If you don???t properly configure your scans,?you may miss vulnerabilities and have a false sense of security.?

Additionally, since the?application?is?scanned?towards the end of the?SDLC,?there???s more pressure on development teams to remediate the difficult-to-find vulnerabilities quickly.?This is usually?where?friction?between development and security increases,?often resulting in unmitigated risk.??

Static?application?security?testing?(SAST)?is an AppSec assessment?that tests applications from the inside-out,?by scanning applications,?but not running them. It usually targets source code, byte code,?and?binary?code, and ???sits??? in an earlier stage of the SDLC so developers can look for security issues?before?the application is complete. SAST also provides real-time security feedback during coding, making it a more?proactive method?for fixing flaws quickly. This ???inside-out approach??? can help reduce?security?technical debt?for the lowest cost.?

On the flip side, fixing all the flaws found after a SAST scan may be an inefficient use of resources that may not reduce your risk in a meaningful way.?And since the scan doesnt execute in a running environment, it can be hard to determine which flaws are immediately exploitable, or to understand how the exploit might happen without appropriate training.?

Getting features to market faster than the competition almost always requires development teams to?use at least one open-source library in?their codebase. Third-party code is a necessity in modern software development and so is securing it.?According to?Veracode???s?State of Software Security:?Open-Source?Edition,?97.4?percent?of the 85,000 apps scanned had?an unfixed?security?flaw in an external library.?The good news is that?nearly 75?percent?of the known flaws can be fixed with a?version?update.?Veracode Software Composition Analysis?(SCA) and other similar solutions?automatically?scan your?libraries?and their dependencies?to find vulnerabilities and?help you fix them.???

If you?conduct only?SCA you???re not protecting your entire codebase. If you conduct just?SAST, you may introduce resource-related inefficiencies into the SDLC during remediation.?If you?conduct only?MPT or DAST, you???re finding flaws at a later, more expensive stage and putting increased pressure on development teams to find the flaw in the source code and remediate it quickly.??

To ensure that you get the most value out of your AppSec program, you should use DAST findings to configure SAST policies, and to inform SAST activities. A quick defense against something like an input/output validation problem found during a?Veracode Dynamic Analysis?scan is to implement a WAF rule that prevents unauthorized data from leaving the application. Once the vulnerability has been secured at that level, use?Veracode Static Analysis?to go deep into the source code to find and patch the flaw.?Once the first-party code has been secured, integrate Veracode SCA into your development workflows?to secure your third-party code.?This ensures that you are not just relying on one control to prevent an attack.??

On top of this, it is critical to continue running?MPT?assessments?to secure the flaws that automation?can???t?find. You want to look at the hierarchies of the architecture to be sure that you are doing everything you can to secure each level. This?complementary approach makes it easier to find exploitable flaws, remediate them quickly, and even learn secure coding to prevent them in future.?According to the 11th?edition of the?State of Software Security?report,?organizations that scan with both SAST and DAST are likely to remediate?50 percent of?their flaws 24.5 days quicker than if they only scanned with one technology.?It???s not hard to understand why: by seeing how an attack may be exploited at runtime, developers get an education in how to think like an attacker and may even be more motivated to fix?other?findings.?

In today???s expanding threat landscape, DAST, SAST,?SCA,?and MPT provide a means for?DevSecOps?teams to secure their code and strengthen their AppSec programs before it???s too late.?To learn more about?the strengths and weaknesses of the different types of application security technologies, check out?our?Guide?to?AppSec Solutions.?

Recent Articles By Author

*** This is a Security Bloggers Network syndicated blog from Application Security Research, News, and Education Blog authored by lpaine@veracode.com (lpaine). Read the original post at: https://www.veracode.com/blog/managing-appsec/defense-depth-why-you-need-dast-sast-sca-and-pen-testing

View original post here:

Defense in Depth: Why You Need DAST, SAST, SCA, and Pen Testing - Security Boulevard

SAN FRANCISCO, Dec. 16, 2020 /PRNewswire/ --Linux Foundation Public Health (LFPH), the organization that builds, secures and sustains open source software to help Public Health Authorities (PHAs) around the world combat COVID-19 and future epidemics, today announced it will host the COVID-19 Credentials Initiative, a privacy-preserving Verifiable Credentials (VCs) effort focused on interoperability. It is also announcing new Executive Director Brian Behlendorf, new public health commitments and membership investments and a new set of open source guidelines for exposure risk notifications.

Since launching in Julyof this year, LFPH has gained new commitments across industries and disciplines and is adding new initiatives to collaboratively address privacy, efficacy and integrity in the software that is helping to prevent and slow the spread of infectious disease.

COVID-19 Credentials Initiative becomes part of LFPH

The COVID-19 Credentials Initiativeis a global community of more than 300 technologists, academics and healthcare professionals from more than 100 organizations working on projects that use privacy-driven verifiable credentials to mitigate the spread of COVID-19. Its guiding principles include interoperability, privacy, data protection and inclusion. The community will bring together new open standards work with existing health data standards to ensure vaccine credentials are interoperable and digitally verifiable.

"LFPH is a natural home for CCI. There is strong alignment on the most urgent matters to address, such as interoperability, privacy and ethics as they related to vaccine credentials. Most importantly, LFPH strives to respect the community-driven and open nature of CCI, which is essential to true collaboration and wide adoption. We look forward to working with LFPH and stakeholders across communities, sectors and industries, especially PHAs, on vaccine credentials for COVID-19 and other public health credentials," said Lucy Yang, co-lead, COVID-19 Credentials Initiative.

Open source and digital identity visionary Brian Behlendorf becomes LFPH executive director

Brian Behlendorf will assume the role of Executive Director of LFPH, while carrying on his duties as Executive Director of the Linux Foundation's Hyperledger Project and overseeing a variety of initiatives in blockchain, healthcare and digital identity. Behlendorf was a founding member of the Apache Software Foundation, was the CTO of the World Economic Forum 2011-2012 and worked at the White House's Office of Science and Technology Policy in 2009 and the Department of Health and Human Services in 2010 on advancing the use of open standards through the use of open source software.

"Thanks to the passionate leadership of the late Dan Kohn, LFPH is mobilized to use open source software to accelerate work on combating COVID-19, with an early emphasis on exposure notifications. That work is well underway and already having a very real impact," said Jim Zemlin, executive director of the Linux Foundation. "LFPH is now looking toward the future, one where we can help bring diverse constituents together to build, secure and sustain technologies that fight COVID-19 today and other epidemics tomorrow. There is no one more suited to enable this kind of collaboration and to carry on Dan's legacy with LFPH than Brian Behlendorf."

"It is an honor to be able to advance the LFPH work that was initiated by the open source hero Dan Kohn," said Brian Behlendorf, general manager, LFPH and the Linux Foundation's Hyperledger. "There is both a requirement and tremendous opportunity to bring together the world's leading technologists, scientists, doctors and academics on public health to seek the right balance in privacy and efficacy in preventing and slowing the spread of infectious disease. This is work we know how to do and work we must do."

New collaboration and investments

The Health Service Executive Ireland, New Jersey Office of Innovation, North Carolina Department of Human and Health Services and Boston Public Health Commission are the latest PHAs to join LFPH They are the ultimate consumers of the technologies being built by LFPH and so their contributions will dramatically accelerate adoption and innovation. LFPH is also announcing new member MotionMob and that WeHealth, the company that implements Covid Watch, is upgrading its membership and is now a Founding General Member. Other founding members include Cisco, doc.ai, Geometer, IBM, NearForm, Tencent and VMware.

"HSE contributed the source code for COVID Green in the summer of 2020. Our goal was to try and help other public health authorities in the fight against COVID." said Gar Mac Criosta from the Health Service Executive of Ireland. "Membership has brought with it a number of benefits, first and foremost an active and open community all aligned in a fight against COVID-19. I think the engagement so far has opened people's eyes across government to the benefits of open source, in particular for situations where public trust and confidence is paramount,"

"My choices before LFPH were McKinsey or vendor pitches. LFPH has provided something without financial skin in the game that I can use as a Public Health Authority," said Mike Flowers, NJ Office of Innovation.

Open source guidelines for risk notifications

LFPH launched with two hosted exposure notifications projects, COVID Shield and COVID Green, to advance phone-based alerts that people can receive to inform them that they've been exposed to someone diagnosed with COVID-19. The Exposure Notification System (ENS) provided by Apple and Google has a configurable component, a risk score, which allows health authorities to specify which types or levels of exposures should trigger a notification.

In a series of meetings in November 2020, LFPH and Apple, the CDC, Google and MIT hosted the Risk Score Symposium Invitational to inform the decision-making process for health authorities who are using, or plan to use, ENS in their region. The resultingguidelines are available now.

To join LFPH or contribute, please visit: https://www.lfph.io/

About Linux Foundation Public Health

Linux Foundation Public Health (LFPH) uses open source software to help public health authorities (PHAs) around the world combat COVID-19 and future epidemics. LFPH projects include COVID Shield being deployed in Canada and Mongolia and COVID Green, which has been deployed in five countries and four US states. As more projects are contributed, LFPH will expand its scope into software support for all phases of PHA's testing, tracing, and isolation activities. LFPH is part of the nonprofit Linux Foundation. For more information, please visit lfph.io.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page. Linux is a registered trademark of Linus Torvalds.

Media ContactJennifer CloerStory Changes Culture503-867-2304[emailprotected]

SOURCE LF Public Health

View post:

Linux Foundation Public Health Expands Technology and Public Health Community, Accelerates the Fight Against COVID-19 - PRNewswire

Following its $10 million acquisition of Flyway, Redgate Software has secured the future of the popular Open Source database migration tool by taking a new approach to software development.

CAMBRIDGE, England December 15, 2020 Redgate Softwares multimillion-dollar acquisition of Flyway in 2019 was an ambitious move to help organizations include any database in DevOps by using the tool to standardize migrations across more than 20 different databases and platforms. The investment encouraged Redgate to fully embrace the Open Source software approach, and the company today confirmed it is doubling the size of the development team behind Flyway and recommitted to maintaining a free Community version under the Apache v2 license.

Like many software companies, Redgate has a portfolio of proprietary database development tools and solutions, and Flyway was the companys first foray into the Open Source arena. This presented a challenge in the way the tool was managed and developed.

From day one, Redgate committed to keeping the Community Edition of the tool, which is free to individual users, and continuing to maintain, support and improve it. The company also wanted to increase the number of businesses using the paid-for versions of the tool by streamlining them to a Teams Edition and adding additional features and support.

This required a different approach to the ongoing development of Flyway because its success needed to be measured by the number of monthly active users of the Community edition as well as the monthly recurring revenue from the Teams edition.

As Kendra Little, Redgate DevOps Advocate and a big fan of Flyway, comments: Companies cant go wrong with Flyway, but it does present a dilemma. On one hand, you want individuals to keep using the free tool they already enjoy. On the other, you want larger teams to embrace the paid version with extra available features. It turns traditional software on its head because you need two go-to-market strategies, not one.

Redgate found the solution in the 1-2-3 Model developed by Adam Gross, technology investor and adviser, based on his work at Heroku. He helped to grow the revenue of the cloud application platform from $35m to $300m by shifting the companys focus away from the traditional approach of selling software at the department or enterprise level.

Instead, the model focuses on encouraging individual adoption with a free version, migrating users up to teams with a paid-for self-serve option, and having an enterprise version at the end of the customer journey rather than the beginning.

Flyway now fulfils the first two steps in the model, and is integrated into Redgate Deploy, Redgates new cross-database development solution, to meet the needs of enterprises. From version control to continuous delivery, Redgate Deploy lets enterprises automate database development processes across different databases, accelerate software delivery and ensure quality code.

Over the last 18 months, Flyway has broadened Redgates understanding of Open Source software and shown how the demands of individuals, teams and enterprises can all be satisfied by offering a stepladder of benefits and capabilities depending on need. Redgate now has better visibility of database deployments across different technologies and among full stack developers, which in turn is helping inform what additional features should be created.

As a direct result, Redgate has doubled the revenue from the paid-for edition of Flyway, and the 1-2-3 Model has cemented the future of the free Community Edition, downloads of which also doubled to 40 million in 2020.

For more information about Flyway, or to get in touch with the team, please visit http://www.flywaydb.org.

About Redgate SoftwareRedgate makes ingeniously simple software used by over 800,000 IT professionals around the world and is the leading Database DevOps solutions provider. Redgate's philosophy is to design highly usable, reliable tools which elegantly solve the problems developers and DBAs face every day and help them to adopt compliant database DevOps. As well as streamlining database development and preventing the database being a bottleneck, this helps organizations introduce data protection by design and by default. As a result, more than 100,000 companies use Redgate tools, including 91% of those in the Fortune 100.

ContactsMeghana ShendrikarAllison+Partners for Redgate SoftwareRedgate@allisonpr.com

Read the original post:

Flyway's Growth Demonstrates the Value of Open Source for Software Companies - RealWire

2020 has taught us that health IT must evolve at a rapid pace to meet the needs of patients and providers. Creating a seamlessly connected world is key to breakthrough innovation.

The Cerner Open Developer Experience (code) program encourages third-party vendors and care organizations to build apps on top of Cerner technology that can quickly advance the health industry through improved interoperability capabilities.

In our three-part podcast series,code Talks, tech leaders share their insights around advancing care through collaboration and open and interoperable health ecosystems.

In this episode, we hear from Aaron Sheedy, chief operating officer and co-founder ofXealth, a platform that enablesclinicianstointegrate, prescribe and monitordigitalhealth tools forpatientsfrom one location in the electronic health record (EHR). Aaron talks about how the Cerner code validation and certification process helped drive quality, safety, security and usability for the Xealth app. He also gives his outlook for digital health and application programming interfaces.

Amwell offers telehealth integration within the Cerner EHR to give providers a single, unified workflow and improve access to care for patients. In this episode, Amwell Senior Vice President of Devices, Cory Costley, dives into the rapid growth of telehealth during COVID-19, examines how the Cerner code program helps break down barriers to health IT adoption and explores the industrys shift toward more proactive care.

Shez Partovi, M.D., worldwide lead of business development for healthcare, life sciences, genomics and medical devices at Amazon Web Services (AWS), discusses the importance of connecting patient data across the care continuum. Dr. Partovi also explains the role of interoperability, open standards in reducing care costs and providing more personalized health care.

The code program is leading health care innovation by opening our ecosystem to create new technologies and applications. Developers interested in building applications that integrate into client workflows can learn more here.

Read more from the original source:

code Talks: a podcast series on driving innovation with an open health care ecosystem - cerner.com