"So, bottom line, we're cutting out middlemen. Software companies make software. We're going to buy software from software companies."
Hopefully the US DOD will give preference to American tax paying small software companies and solutions for cybersecurity when looking for solutions. Ideally, only purchasing software that has passed a risk assessment by a trusted party, and have registered their "Trust Declarations" in a Trust Registry, following the lead of the US Coast Guard (approved product list)ย containing a trust score. The higher the trust score the more trustworthy a product is, like a FICO score for software products.
Am hoping other US Government agencies, such as the US Department of Energy will follow the lead of the DoD and buy commercial off the shelf products from small, tax paying American software companies offering cybersecurity products for SCRM risk assessments following NIST Guidance (OMB M-22-18) and IETF SCITT "Trust Registry" implementations.
ย