US military gets new software testing rules



Warwick Ashford

The US has introduced new policies for military software engineers aimed at pre-empting software supply chain attacks.

The policy, contained in the 2013 National Defense Authorization Act, introduces new software testing rules to prevent security breaches that exploit design flaws in computer code, say US reports.

The move comes after US Homeland Security officials warned that contractor requirements and code developers were overlooking software integrity to the detriment of national security.

The new baseline software assurance policy requires military IT staff to use automated vulnerability analysis tools to inspect software code during the entire lifecycle of the computer program.

In addition to mandating tighter software assurance, the law requires defence firms to inform military officials about any breaches of company networks.

Software assurance refers to the level of confidence that code is free of vulnerabilities – inserted either inadvertently or intentionally – that can create gateways for attackers.

The law also calls for a review of how the US Cyber Command operates; a strategy for deploying a futuristic information technology structure and information environment for the US military; and a more robust threat-detection system to block leaks of classified data and identify potential insider threats.
