Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
Shows & Panels
NASA launches software assurance program
Thursday - 6/24/2010, 7:30pm EDT
Federal News Radio
As cyber threats continue to increase, agencies are looking to software contractors for technologies to help protect their assets. Jerry Davis, NASA's chief information security officer, says that's not good enough.
"The software industry is really one of the only organizations where you can knowingly build a defective product and push it out to a potential buyer and the buyer assumes all the risk," he says.
Davis, who spoke Thursday at an AFCEA panel on the role of the CISO, says buying products that don't interface correctly leads to a cycle of patching applications that is both time consuming and could compromise security.
NASA expects to teach Web developers how to look for and design secure applications. Classes also will focus on how to "design out common vulnerabilities" that are frequently exploited. Davis says Web applications are one of the most common attack vectors against both the government and the private sector.
Davis says SAWG expects to have the courses designed and sent out to its developers by the end of the calendar year.
Next fiscal year, the working group will begin developing tools to protect the vulnerable Web applications that NASA already is using.
"You can't go back and fix them all, so you have to find out a way to protect those legacy applications using certain tools" says Davis.
SAWG functions under NASA's IT Security Division and focuses primarily on applications developed in house, but also will look at new technology from contractors.
Davis says NASA exchanges information with contractors as products are in development: "We're working with them, learning about their process, and teaching them about the cyber aspect of things of what they need to be aware of when their dealing with software applications," he says.
Davis says NASA doesn't have firm information on how much software is developed in house or on how many programmers are developing it. SAWG hopes to gather that data before or during the education phase in order to have a better idea of what their employees need.
Meg Beasley is an intern with Federal News Radio.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)