From SBOMs to pen testing, government is gradually adapting security standards for software development and the IT supply chain to better protect agencies from adversaries. But how far do they have to go? SC Media’s Jill Aitoro spoke to Bob Martin, senior principal engineer of the Mitre Corporation, and Chris Wysopal, co-founder and chief technology officer at Veracode, about progress made and lingering obstacles.