lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <67ea64530712051351o3ecda953y992517f7c5bf744f@mail.gmail.com>
Date: Wed, 5 Dec 2007 21:51:04 +0000
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Defense board sounds louder alarm about foreign
	software development

Software developed in foreign countries and used by the Defense
Department and other agencies puts federal information systems at
serious risk of being hacked and compromised, according to a recent
report issued by Defense's top advisory board.

The report, released last month by a Defense Science Board task force,
warns that "globalization of software development where some ... U.S.
adversaries are writing the code that ... [Defense] will depend upon
in war creates a rich opportunity to damage or destroy elements of the
warfighter's capability."

Defense relies heavily on commercial off-the-shelf and custom-built
software developed in countries such as India, China and Russia, so it
can quickly and cheaply take advantage of the latest advances designed
for global markets rather than relying solely on U.S. developers.

But the task force's report, "Mission Impact of Foreign Influence on
DoD Software," concluded that relying on software developed in other
countries "presents an opportunity for threat agents to attack the
confidentiality, integrity and availability of operating systems,
middleware and applications that are essential to operations of U.S.
government information systems and the DoD."

The report emphasized that "the most direct threat is foreign
corruption of software: insertion by the developer of malware,
backdoors and other intentional flaws that can later by exploited."

http://www.govexec.com/story_page.cfm?articleid=38713&dcn=todaysnews

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ