The US has introduced new policies for military software engineers aimed at pre-empting software supply chain attacks.
The policy, contained in the 2013 National Defense Authorization Act, introduces new software testing rules to prevent security breaches that exploit design flaws in computer code, say US reports.
The move comes after US Homeland Security officials warned that contractor requirements and code developers were overlooking software integrity to the detriment of national security.
The new baseline software assurance policy requires military IT staff to use automated vulnerability analysis tools to inspect software code during the entire lifecycle of the computer program.
In addition to mandating tighter software assurance, the law requires defence firms to inform military officials about any breaches of company networks.
Software assurance refers to the level of confidence that code is free of vulnerabilities – inserted either inadvertently or intentionally – that can create gateways for attackers.
The law also calls for a review of how the US Cyber Command operates; a strategy for deploying a futuristic information technology structure and information environment for the US military; and a more robust threat-detection system to block leaks of classified data and identify potential insider threats.