Accession Number : AD1018805

Title :   Acquisition Regulations and Offshore Software Development: Implications for Cybersecurity of DOD Networks

Descriptive Note : Technical Report

Corporate Author : Air War College Air University Maxwell AFB United States

Personal Author(s) : Hund,Roman L

Full Text :

Report Date : 14 Feb 2013

Pagination or Media Count : 28

Abstract : Malicious code, such as Zero-day exploits, utilize vulnerabilities in Commercial-Off-The-Shelf (COTS) software to cause damage in cyberspace. Because of the prevalence of offshore software development, COTS software is exposed to increased vulnerabilities and provides access for our adversaries to manipulate software code. Defense networks are built primarily on COTS products and software because our acquisition rules are focused on streamlined procurement of COTS Information Technology (IT) products in Federal government organizations. This paper will show that updates to our Federal Acquisition Regulations (FARs) could increase our understanding of the origin of software code and provide access to source code for in-depth vulnerability analysis providing improved cyber security.

Descriptors :   department of defense , operating systems (computers) , computer network security , information systems , government procurement , public policy , denial of service attack , malware , acquisition , national security , software engineering , vulnerability

Distribution Statement : APPROVED FOR PUBLIC RELEASE