How the USPTO Built a Culture of Trust in Its Automation Efforts

The U.S. Patent and Trademark Office has a proven track record of using automation to temporarily remediate known formula issues and potential security vulnerabilities, according to an agency official.

In an interview with Nextgov/FCW, Spence Spencer — director of USPTO’s System Configuration and Delivery Automation Division — said speedy and effective uses of automation across the agency’s systems have helped create a culture of trust that allows his team to take the lead in addressing problems without significant pushback from higher-up officials. 

Spencer’s department is responsible for creating, delivering and ensuring the security of traditional software to help the USPTO progress and product groups “deliver faster, more consistent and higher quality products,” adding automation systems to the capabilities of the agency.

“The ability to use automation allows you to act and react very temporarily,” he said. “If you take one look at a giant task that’s starting to go off the rails and you have the right kind of automation, then you can break it. Break it down into smaller sets of paints and the smaller sets, one by one.”

The USPTO began “building automation” around 2010, Spencer said, and then moved into development, security and operations (or DevSecOps) over the years as the agency “began to integrate security into the initial release” of automated tools.

“Probably 30 percent of our implementations were failures” at first, he said, but the successful implementation of automated systems across the enterprise in the years that followed, along with the agency’s divisional functions, has shown the value of further expanding those efforts.

“We went from a culture of mistrust, where the answer to every deployment was no, to now the answer is, ‘yeah, do it,’” Spencer said, adding that “we don’t do rollbacks anymore.”

During the Trademark Public Advisory Committee’s quarterly meeting in November, Spencer said members of the agency were demonstrating new trademark external applications when an attorney with a private company who was present at the meeting “pointed out a logic flaw in our public application.” 

The product team, which was listening to the meeting remotely, verified and demonstrated that there was a bug in the application. Spencer said they temporarily dedicated themselves to resolving the issue and were able to implement a fix the next day.

“They went from finding a bug to offering a fix for a government-owned public app in less than 24 hours,” he said, adding that “that’s the point of agility we’re at.”

To help USPTO developers build and secure applications, Spencer’s department has also developed automated quality teams that look at code as it’s written and “tell them it’s not treated a certain way or it’s not a set and then they’ll report it.”

And when it comes to broader security risks — including those in custom-built software or in open-source components that come with their own vulnerabilities — the agency has also relied on automation to quickly identify and mitigate potential threats. 

These features came in handy after the 2021 disclosure of vulnerabilities in Log4j, a popular open-source logging library used in a wide variety of commercial and customer products.

Spencer said “we had a very short time horizon” to identify security flaws in the agency’s use of Log4j, adding that “we had to find out on the same day how serious it was.”

“We had to advise our [news director] on pretty drastic measures to solve this problem,” he added. “You can’t do that without automation.”

USPTO is also experimenting with and using some emerging technologies to bolster the security of its systems. Spencer said the agency is “starting to look at how we can use things like AI to help our folks actually code the software,” as well as other tools for securing systems. 
