'Tiger team' to test foreign software

The Pentagon is fielding a task force charged with testing software developed overseas, according to a Defense Department official.

The 'tiger team,' organized within the Defense CIO's office, is ready to move to the implementation stage, said Kristen Baldwin, deputy director for software engineering and systems assurance in the Office of the Undersecretary of Defense for Acquisition, Technology, and Logistics. Baldwin spoke yesterday at the DHS-DOD Software Assurance Forum in Fairfax, Va.

'Tiger team' is a software-industry term for a group that conducts penetration testing to assess software security.

'Success means they understand where their focus needs to be and how to prioritize their efforts,' Baldwin said. 'They understand the supply-chain impact on systems engineering, and are ready to move forward in an effort to mitigate assurance risk.'

DOD strategy calls for using 'all-source information to characterize supplier threat,' Baldwin added.

In 2004, the Government Accountability Office, noting that the military relies increasingly on software and information systems for its weapons capabilities, found that 'traditional DOD prime contractors are subcontracting more of their software development to lower-tier and sometimes nontraditional defense suppliers,' which use offshore locations and foreign companies for some software development. An ongoing Defense Science Board task force, convened in 2005, is studying the same issue.

Offshore software development poses vulnerabilities, 'such as the insertion of malicious code by software developers,' but mitigating those risks has 'not been adopted as practice within DOD,' the GAO concluded.

Dealing with the impact of what the Pentagon dubs 'the foreign influence on DOD software' will not involve a buy-American strategy, however. 'Globalization is the reality we face,' Baldwin said. 'We will continue to rely on a global supply chain' when acquiring software for the Department of Defense.

About the Author

Peter Buxbaum is a special contributor to Defense Systems.

