Defense Acquisitions: Knowledge of Software Suppliers Needed to Manage Risks

Label
Defense Acquisitions: Knowledge of Software Suppliers Needed to Manage Risks
Title
Defense Acquisitions: Knowledge of Software Suppliers Needed to Manage Risks
Contributor
Subject
Language
eng
Summary
The Department of Defense (DoD) is increasingly reliant on software and information systems for its weapon capabilities, and DoD prime contractors are subcontracting more of their software development. The increased reliance on software and a greater number of suppliers results in more opportunities to exploit vulnerabilities in defense software. In addition, DoD has reported that countries hostile to the United States are focusing resources on information warfare strategies. Therefore, software security, including the need for protection of software code from malicious activity, is an area of concern for many DoD programs. DoD acquisition and software security policies do not fully address the risk of using foreign suppliers to develop weapon systems software. The current acquisition guidance allows program officials discretion in managing foreign involvement in software development, without requiring them to identify and mitigate such risks. Moreover, other policies intended to mitigate information systems vulnerabilities focus mostly on operational software security threats, such as external hacking and unauthorized access to information systems, but not on insider threats, such as the insertion of malicious code by software developers. Recent DoD initiatives may provide greater focus on these risks, but to date have not been adopted as practice within DoD. GAO was asked to examine DoD's efforts to identify software development suppliers, and manage risks related to foreign involvement in software development on weapon systems. To address software vulnerabilities and threats, GAO recommends that DoD better define software security requirements and require program managers to mitigate associated risks accordingly. DoD agreed with the findings but only partially concurred with the recommendations over concerns that they place too much responsibility for risk mitigation with program managers. GAO has broadened the recommendations to address DoD's concerns.
Cataloging source
DTICE
Index
no index present
Literary form
non fiction
http://library.link/vocab/relatedWorkOrContributorName
  • Neumann, John
  • Mullins, Brian
  • Cohen, Delores
  • Oakley, Shelby S
  • Miller, Christopher
  • Middleton, Gary
  • Ahearn, Marie
  • GOVERNMENT ACCOUNTABILITY OFFICE WASHINGTON DC
http://library.link/vocab/subjectName
  • Software engineering
  • Foreign
  • Contract administration
  • Security
  • Military procurement
  • Risk management
  • Weapon systems
  • Requirements
  • Vulnerability
  • Coding
  • Cyberterrorism
  • Project management
  • Information warfare
  • Classified materials
  • Protection
  • Contractors
  • Government (foreign)
  • Threats
  • Information systems
  • Department of defense
  • Policies
  • Administration and Management
  • Computer Programming and Software
  • Logistics, Military Facilities and Supplies
Label
Defense Acquisitions: Knowledge of Software Suppliers Needed to Manage Risks
Instantiates
Publication
Note
Report to Congressional Requesters. The original document contains color images
Carrier category
online resource
Carrier category code
  • cr
Carrier MARC source
rdacarrier
Content category
text
Content type code
  • txt
Content type MARC source
rdacontent
Extent
34 pages
Form of item
online
Governing access note
APPROVED FOR PUBLIC RELEASE
Media category
computer
Media MARC source
rdamedia
Media type code
  • c
Note
Hein Online
System control number
  • (OCoLC)227938387
  • (OCoLC)ocn227938387
