GOV.UK
Reporting back on cross-government StackTech2
In November 2016, roughly 2 years after the original StackTech unconference, we held StackTech2 in London, open to all cross-government technologists.
security
Completing our work to secure digital services
In June we blogged about work we were doing to update our security guidelines for government digital services. Since then we've been busy working with teams across government to update services ready for the changes. Thank you to the teams …
Behind the scenes of GOV.UK Verify: improving users’ security
At GOV.UK Verify we take users’ security very seriously. Online security is constantly changing, and we need to be up to date at all times. We regularly update the service’s frontend to ensure it’s running the most secure and recent …
Holding our next cross-government StackTech
Back in 2014 we held an unconference aimed at creating a conversation between technologists across government. The event, dubbed StackTech, turned out to be a big success and led to discussions still going on today, like how to improve reuse …
Securing development in an agile environment
Traditional security processes and ‘security says no’ can often seem to block progress in agile environments but there are ways to build software securely without compromising agility. It’s all about ensuring security is built into your development best practices so …
Our web security workshop for GDS developers
We recently ran a one-day workshop on web security for technologists at the Government Digital Service (GDS). Security is a topic where lots of people lack confidence in their skills so we thought it was a valuable area to focus …
Why ‘security says no’ won't cut it anymore
I spoke recently at the Business Reporter’s Data Security in the Cloud event about how security has changed to face the reality of the modern internet era. The old world of assurance and compliance and ‘security says no’ won't cut …
Updating our security guidelines for digital services
Back in 2012, GDS released some security guidelines for government services. Although we’re aware individual services have continually upgraded their own security practices, we’re now updating the guidelines to improve how we secure government services overall. We’ll be making 2 …
Experimenting with Content Security Policy on GOV.UK
The GOV.UK team recently had a firebreak to repay some technical debt, experiment with things we might not otherwise have the chance to, and prepare for how we're going to iterate the site in 2015. I looked at implementing Content Security Policy …