'Tiger team' to test foreign software

The Pentagon is fielding a task force charged with testing software developed overseas, according to a Defense Department official.

The 'tiger team,' organized within the Defense CIO's office, is ready to move to the implementation stage, said Kristen Baldwin, deputy director for software engineering and systems assurance in the Office of the Undersecretary of Defense for Acquisition, Technology, and Logistics. Baldwin spoke yesterday at the DHS-DOD Software Assurance Forum in Fairfax, Va.

'Tiger team' is a software-industry term for a group that conducts penetration testing to assess software security.

'Success means they understand where their focus needs to be and how to prioritize their efforts,' Baldwin said. 'They understand the supply-chain impact on systems engineering, and are ready to move forward in an effort to mitigate assurance risk.'

DOD strategy calls for using 'all-source information to characterize supplier threat,' Baldwin added.

In 2004, the Government Accountability Office, noting that the military relies increasingly on software and information systems for its weapons capabilities, found that 'traditional DOD prime contractors are subcontracting more of their software development to lower-tier and sometimes nontraditional defense suppliers,' which use offshore locations and foreign companies for some software development. An ongoing Defense Science Board task force, convened in 2005, is studying the same issue.

Offshore software development poses vulnerabilities, 'such as the insertion of malicious code by software developers,' but mitigating those risks has 'not been adopted as practice within DOD,' the GAO concluded

Dealing with the impact of what the Pentagon dubs 'the foreign influence on DOD software' will not involve a buy-American strategy, however. 'Globalization is the reality we face,' Baldwin said. 'We will continue to rely on a global supply chain' when acquiring software for the Department of Defense.

About the Author

Peter Buxbaum is a special contributor to Defense Systems.

inside gcn

  • connected vehicles

    4 connected vehicle apps Michigan is testing right now

Reader Comments

Mon, Jul 26, 2010 Saleh Alsanad Kuwait

Every company should have a tiger team =-D

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group