'Tiger team' to test foreign software

The Pentagon is fielding a task force charged with testing software developed overseas, according to a Defense Department official.

The 'tiger team,' organized within the Defense CIO's office, is ready to move to the implementation stage, said Kristen Baldwin, deputy director for software engineering and systems assurance in the Office of the Undersecretary of Defense for Acquisition, Technology, and Logistics. Baldwin spoke yesterday at the DHS-DOD Software Assurance Forum in Fairfax, Va.

'Tiger team' is a software-industry term for a group that conducts penetration testing to assess software security.

'Success means they understand where their focus needs to be and how to prioritize their efforts,' Baldwin said. 'They understand the supply-chain impact on systems engineering, and are ready to move forward in an effort to mitigate assurance risk.'

DOD strategy calls for using 'all-source information to characterize supplier threat,' Baldwin added.

In 2004, the Government Accountability Office, noting that the military relies increasingly on software and information systems for its weapons capabilities, found that 'traditional DOD prime contractors are subcontracting more of their software development to lower-tier and sometimes nontraditional defense suppliers,' which use offshore locations and foreign companies for some software development. An ongoing Defense Science Board task force, convened in 2005, is studying the same issue.

Offshore software development poses vulnerabilities, 'such as the insertion of malicious code by software developers,' but mitigating those risks has 'not been adopted as practice within DOD,' the GAO concluded.

Dealing with the impact of what the Pentagon dubs 'the foreign influence on DOD software' will not involve a buy-American strategy, however. 'Globalization is the reality we face,' Baldwin said. 'We will continue to rely on a global supply chain' when acquiring software for the Department of Defense.

About the Author

Peter Buxbaum is a special contributor to Defense Systems.

