US military gets new software testing rules


Warwick Ashford

The US has introduced new policies for military software engineers aimed at pre-empting software supply chain attacks.

The policy, contained in the 2013 National Defense Authorization Act, introduces new software testing rules to prevent security breaches that exploit design flaws in computer code, say US reports.

The move comes after US Homeland Security officials warned that contractor requirements and code developers were overlooking software integrity to the detriment of national security.

The new baseline software assurance policy requires military IT staff to use automated vulnerability analysis tools to inspect software code during the entire lifecycle of the computer program.

In addition to mandating tighter software assurance, the law requires defence firms to inform military officials about any breaches of company networks.

Software assurance refers to the level of confidence that code is free of vulnerabilities – inserted either inadvertently or intentionally – that can create gateways for attackers.

The law also calls for a review of how the US Cyber Command operates; a strategy for deploying a futuristic information technology structure and information environment for the US military; and a more robust threat-detection system to block leaks of classified data and identify potential insider threats.

