GrammaTalk

GrammaTech’s Take on What the June 2025 Executive Order Means for the Cybersecurity Industry 

June 2025 Executive Order introduces significant updates to national cybersecurity policy

By Dr. Deby Katz and Ray DeMeo 

On June 6, 2025, the United States government issued an Executive Order (EO): “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144,” to defend US digital infrastructure and critical services from state-sponsored and cyber-criminal security threats. The EO gives insight into current national cybersecurity priorities, including: 

Implementation of secure software development, security, and operations practices 

  • Secure Software Development 
  • The role of AI in cybersecurity 

The order cross-references NIST Special Publication 800-218, the Secure Software Development Framework (SSDF), which sets out fundamental practices for secure software development throughout the software development process. The EO calls for the Secretary of Commerce to update the SSDF to include “practices, procedures, controls, and implementation examples regarding the secure and reliable development and delivery of software as well as the security of the software itself,” as well as to develop guidance for securely and reliably deploying patches and updates.

This priority is in line with prior studies that estimate it is 30 to 100 times cheaper to deploy code securely than to fix it after deployment. That estimate does not include the billions spent on post-deployment security solutions and personnel that attempt to monitor, detect, and mitigate, nor the cost of breaches themselves.

GrammaTech tooling and services are used to perform scalable, automated security assessments for Software, Firmware, and Operational Technology (OT) Systems to ensure they are secure prior to deployment.  

  • Our platform for OT systems and devices reverse engineers and analyzes firmware binaries to detect vulnerabilities, assess exploitability, and identify corrective action. GrammaTech’s unique ability to secure OT systems is further supported by Digital Twin capability for replicating and testing systems virtually, and AI enhancement to extract a firmware bill of materials (FBOM) from code to identify and ensure supply chain integrity.
  • GrammaTech does the same for DevSec application software pipelines with its Proteus software testing platform, which automatically identifies vulnerabilities and prioritizes weaknesses for remediation, leveraging AI-enhanced Binary Reverse Engineering, Analysis, and Rewriting that delivers deep understanding of binary code and malware.
  • Through its work in support of the US Navy, GrammaTech debloats software container images for reduced attack surface in edge deployments, a heightened priority in view of the rapidly growing number of high-value remote compute environments. 
  • In support of the call to action by DOD, DHS, DOJ and allied nations, GrammaTech, through sponsorship from DARPA, automates code migration to memory-safe languages, which can reduce up to 70% of critical vulnerabilities. [1]

It’s worth noting that future government contracts may require demonstrating conformance to SSDF guidance.

AI in Cybersecurity 

The EO recognizes that artificial intelligence (AI) has the potential to rapidly identify vulnerabilities and provide an unprecedented level of automation to increase the speed and scale of vulnerability detection. These efforts are directly relevant to easier and more complete implementation of the SSDF. When implemented well, AI-enhanced tools will reduce the amount of expertise and time necessary to create and deploy secure code and systems.

Emerging AI technologies also come with risks. The EO directs relevant offices to track, respond to, and report vulnerabilities in AI systems, and to incorporate these processes into existing risk management and interagency coordination procedures.  

Administration priorities 

This Executive Order promotes a much-needed strategic and systems-oriented approach to cybersecurity, reinforcing the importance of technical standards, collaboration, and sustained efforts to protect critical digital infrastructure.

In our next post, our cybersecurity experts will explore how this Executive Order and its guidance on secure software development, coupled with AI, could meaningfully impact the software industry and national security.

[1] https://media.defense.gov/2025/Jun/23/2003742198/-1/-1/0/CSI_MEMORY_SAFE_LANGUAGES_REDUCING_VULNERABILITIES_IN_MODERN_SOFTWARE_DEVELOPMENT.PDF
https://msrc.microsoft.com/blog/2019/07/a-proactive-approach-to-more-secure-code/
