'Tiger team' to test foreign software

The Pentagon is fielding a task force charged with testing software developed overseas, according to a Defense Department official.

The 'tiger team,' organized within the Defense CIO's office, is ready to move to the implementation stage, said Kristen Baldwin, deputy director for software engineering and systems assurance in the Office of the Undersecretary of Defense for Acquisition, Technology, and Logistics. Baldwin spoke yesterday at the DHS-DOD Software Assurance Forum in Fairfax, Va.

'Tiger team' is a software-industry term for a group that conducts penetration testing to assess software security.

'Success means they understand where their focus needs to be and how to prioritize their efforts,' Baldwin said. 'They understand the supply-chain impact on systems engineering, and are ready to move forward in an effort to mitigate assurance risk.'

DOD strategy calls for using 'all-source information to characterize supplier threat,' Baldwin added.

In 2004, the Government Accountability Office, noting that the military relies increasingly on software and information systems for its weapons capabilities, found that 'traditional DOD prime contractors are subcontracting more of their software development to lower-tier and sometimes nontraditional defense suppliers,' which use offshore locations and foreign companies for some software development. An ongoing Defense Science Board task force, convened in 2005, is studying the same issue.

Offshore software development poses vulnerabilities, 'such as the insertion of malicious code by software developers,' but mitigating those risks has 'not been adopted as practice within DOD,' the GAO concluded.

Dealing with the impact of what the Pentagon dubs 'the foreign influence on DOD software' will not involve a buy-American strategy, however. 'Globalization is the reality we face,' Baldwin said. 'We will continue to rely on a global supply chain' when acquiring software for the Department of Defense.

About the Author

Peter Buxbaum is a special contributor to Defense Systems.

