DOD considers creation of national software security lab

DOD considers creation of national software security lab

SALT LAKE CITY'Defense Department cybersecurity managers are urging secretary Donald Rumsfeld to establish a high-assurance software lab serving all of DOD.

The lab would be virtual, drawing on the existing software certification capabilities scattered across DOD research facilities.

Joe Jarzombek, deputy director for software assurance in DOD's Information Assurance Directorate, said the measure is one response to language in the fiscal 2004 Defense authorization bill that requires the department to make sure vulnerabilities in commercial software don't compromise military missions.

Lawmakers 'are asking how DOD can enhance the acquisition risk management to improve software integrity. DOD is not up task of protecting missions from software vulnerabilities,' Jarzombek said at the annual Systems and Software Technology Conference.

The proposed lab would create a single executive organization responsible for software integrity and information assurance.

Whatever approach DOD components take on testing software, Jarzombek said, the efforts should not be overly focused on software developed in foreign countries, as he said a soon-to-be-released General Accounting Office study suggests.

'We've told [GAO] we have plenty of vulnerabilities from domestically developed software,' he said.

Jarzombek said DOD possesses so many millions of lines of code in countless thousands of packages, that it would take years of effort and millions of dollars just to identify what was developed where.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected