DOD considers creation of national software security lab

SALT LAKE CITY - Defense Department cybersecurity managers are urging Secretary Donald Rumsfeld to establish a high-assurance software lab serving all of DOD.

The lab would be virtual, drawing on the existing software certification capabilities scattered across DOD research facilities.

Joe Jarzombek, deputy director for software assurance in DOD's Information Assurance Directorate, said the measure is one response to language in the fiscal 2004 Defense authorization bill that requires the department to make sure vulnerabilities in commercial software don't compromise military missions.

Lawmakers "are asking how DOD can enhance the acquisition risk management to improve software integrity. DOD is not up to the task of protecting missions from software vulnerabilities," Jarzombek said at the annual Systems and Software Technology Conference.

The proposed lab would create a single executive organization responsible for software integrity and information assurance.

Whatever approach DOD components take on testing software, Jarzombek said, the efforts should not be overly focused on software developed in foreign countries, as he said a soon-to-be-released General Accounting Office study suggests.

"We've told [GAO] we have plenty of vulnerabilities from domestically developed software," he said.

Jarzombek said DOD possesses so many millions of lines of code in countless thousands of packages that it would take years of effort and millions of dollars just to identify what was developed where.
