Acquisition Regulations and Offshore Software Development: Implications for Cybersecurity of DOD Networks
Air War College Air University Maxwell AFB United States
Pagination or Media Count:
Malicious code, such as Zero-day exploits, utilize vulnerabilities in Commercial-Off-The-Shelf COTS software to cause damage in cyberspace. Because of the prevalence of offshore software development, COTS software is exposed to increased vulnerabilities and provides access for our adversaries to manipulate software code. Defense networks are built primarily on COTS products and software because our acquisition rules are focused on streamlined procurement of COTS Information Technology IT products in Federal government organizations. This paper will show that updates to our Federal Acquisition Regulations FARs could increase our understanding of the origin of software code and provide access to source code for in-depth vulnerability analysis providing improved cyber security.