That key message was hammered home repeatedly at a two-day forum earlier this month hosted jointly by the Defense and Homeland Security departments.
Vendors will not invest in improving the quality of their software of their own volition, said Priscilla Guthrie, deputy CIO and deputy assistant secretary of Defense for networks and information integration. “We’ve got to use acquisition organizations to put together a software assurance policy,” Guthrie said. “We have to get acquisition organizations to work with us to make sure [it’s] part of the way we buy.”
Dan Wolf, information assurance director of the National Security Agency, said improving the quality of software is a matter of national security.
“Our adversaries have made a big point of how information operations are a preferred weapon,” Wolf said, warning that the country’s enemies are focusing on finding ways to infiltrate and take over critical systems.
Alan Paller, director of research at the SANS Institute of Bethesda, Md., added that procurement officers need to include different language regarding software performance, security and reliability in contracts, as the best way to get vendors to take action.
Integrators, Paller said, are of the opinion that, “If it’s in the [Federal Acquisition Regulations] we can ignore it, but if it’s in the contract we do it.”
Autor: Patience Wait
Quelle: Government Computer News, 10.10.2005
