Concerned about the threat of supply chain attacks, the United States government has launched a new policy for its military software engineers. ComputerWeekly.com has the story:
The policy, contained in the 2013 National Defense Authorization Act, introduces new software testing rules to prevent security breaches that exploit design flaws in computer code, say US reports. The move comes after US Homeland Security officials warned that contractor requirements and code developers were overlooking software integrity to the detriment of national security.
The new baseline software assurance policy requires military IT staff to use automated vulnerability analysis tools to inspect software code during the entire lifecycle of the computer program.
In addition to mandating tighter software assurance, the law requires defence firms to inform military officials about any breaches of company networks. Software assurance refers to the level of confidence that code is free of vulnerabilities – inserted either inadvertently or intentionally – that can create gateways for attackers.
The bill, not surprisingly, is almost 700 pages long, but you can read it here if you have nothing better to do (not recommended).