DOD considers creation of a national high-assurance lab for software security
- By Thomas R. Temin
- Apr 23, 2004
SALT LAKE CITY'Defense Department cybersecurity managers are urging secretary Donald Rumsfeld to establish a high-assurance software lab serving all of DOD. The lab would be virtual, drawing on software certification capabilities scattered across DOD research facilities.
Joe Jarzombek, deputy director for software assurance in DOD's Information Assurance Directorate, said the measure is one response to the fiscal 2004 Defense authorization bill that requires the department to make sure vulnerabilities in commercial software don't compromise military missions. Lawmakers 'are asking how DOD can enhance the acquisition risk management to improve software integrity. DOD is not up to the task of protecting missions from software vulnerabilities,' Jarzombek said last week at the annual Systems and Software Technology Conference.
The proposed lab would create a single executive organization responsible for software integrity and information assurance. Jarzombek said DOD has so many millions of lines of code, it would take years to identify what was developed where.