[Full-disclosure] Defense board sounds louder alarm about foreign software development
worriedsecurity at googlemail.com
Wed Dec 5 21:51:04 GMT 2007
Software developed in foreign countries and used by the Defense
Department and other agencies puts federal information systems at
serious risk of being hacked and compromised, according to a recent
report issued by Defense's top advisory board.
The report, released last month by a Defense Science Board task force,
warns that "globalization of software development where some ... U.S.
adversaries are writing the code that ... [Defense] will depend upon
in war creates a rich opportunity to damage or destroy elements of the
Defense relies heavily on commercial off-the-shelf and custom-built
software developed in countries such as India, China and Russia, so it
can quickly and cheaply take advantage of the latest advances designed
for global markets rather than relying solely on U.S. developers.
But the task force's report, "Mission Impact of Foreign Influence on
DoD Software," concluded that relying on software developed in other
countries "presents an opportunity for threat agents to attack the
confidentiality, integrity and availability of operating systems,
middleware and applications that are essential to operations of U.S.
government information systems and the DoD."
The report emphasized that "the most direct threat is foreign
corruption of software: insertion by the developer of malware,
backdoors and other intentional flaws that can later by exploited."
Full-Disclosure is hosted and sponsored by Secunia.