DOD moves to improve software assurance

The Defense Department is planning acquisition policy changes aimed at improving the quality and security of the software it buys from vendors.

"We are reviewing our policies to assure acquisition officials that they have the authority to exclude companies or products that represent too much of a risk to DOD," said Joe Jarzombek, deputy director for software assurance in DOD's Information Assurance Directorate.

The software assurance initiative is expected to include evaluation of vendors and their business practices as well as of products for critical software.

Jarzombek, who spoke today at the SecurE-Biz.net security conference in Washington, said his office is planning a series of workshops this summer to discuss the issues. Recommendations will be presented at a forum tentatively scheduled for Aug. 31 and Sept. 1.

A report released by the General Accounting Office last month found that DOD software security policies do not address the risk of using foreign suppliers.

Although DOD agrees that more attention should be paid to the source of sensitive software, the department wants to avoid passage of buy-American legislation, Jarzombek said.

"Congress is keenly interested in foreign suppliers of products and services," he said. "But that causes us to focus on the wrong problem," because the lines between foreign and domestic suppliers are not clear and because there is no guarantee that domestic suppliers are trustworthy.

As envisioned, the software assurance initiative would require three evaluations for high-assurance software:

  • Counterintelligence threat assessment of the company, to determine the level of trust in employees

  • Business practice assessment, in which the company is checked against 16 practices to ensure that security is incorporated into the development process

  • Product evaluation.


The rigor of product evaluation will depend in part on the results of the first two assessments.

Two of the five anticipated workshops are expected to be open to the vendor community. Dates and locations of the workshops have not been determined. Additional information about the workshops and participation is available from Jarzombek, 703-604-1489, ext. 154.

About the Author

William Jackson is a Maryland-based freelance writer.
