Accession Number : AD1018805


Title :   Acquisition Regulations and Offshore Software Development: Implications for Cybersecurity of DOD Networks


Descriptive Note : Technical Report


Corporate Author : Air War College Air University Maxwell AFB United States


Personal Author(s) : Hund,Roman L


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1018805.pdf


Report Date : 14 Feb 2013


Pagination or Media Count : 28


Abstract : Malicious code, such as Zero-day exploits, utilize vulnerabilities in Commercial-Off-The-Shelf (COTS) software to cause damage in cyberspace. Because of the prevalence of offshore software development, COTS software is exposed to increased vulnerabilities and provides access for our adversaries to manipulate software code. Defense networks are built primarily on COTS products and software because our acquisition rules are focused on streamlined procurement of COTS Information Technology (IT) products in Federal government organizations. This paper will show that updates to our Federal Acquisition Regulations (FARs) could increase our understanding of the origin of software code and provide access to source code for in-depth vulnerability analysis providing improved cyber security.


Descriptors :   department of defense , operating systems (computers) , computer network security , information systems , government procurement , public policy , denial of service attack , malware , acquisition , national security , software engineering , vulnerability


Distribution Statement : APPROVED FOR PUBLIC RELEASE