NASA launches software assurance program
Thursday - 6/24/2010, 7:30pm EDT
Federal News Radio
As cyber threats continue to increase, agencies are looking to software contractors for technologies to help protect their assets. Jerry Davis, NASA's chief information security officer, says that's not good enough.
"The software industry is really one of the only organizations where you can knowingly build a defective product and push it out to a potential buyer and the buyer assumes all the risk," he says.
Davis, who spoke Thursday at an AFCEA panel on the role of the CISO, says buying products that don't interface correctly leads to a cycle of patching applications that is time-consuming and could compromise security.
NASA expects to teach Web developers how to look for and design secure applications. Classes also will focus on how to "design out common vulnerabilities" that are frequently exploited. Davis says Web applications are one of the most common attack vectors against both the government and the private sector.
Davis says SAWG expects to have the courses designed and sent out to its developers by the end of the calendar year.
Next fiscal year, the working group will begin developing tools to protect the vulnerable Web applications that NASA already is using.
"You can't go back and fix them all, so you have to find out a way to protect those legacy applications using certain tools," says Davis.
SAWG functions under NASA's IT Security Division and focuses primarily on applications developed in house, but also will look at new technology from contractors.
Davis says NASA exchanges information with contractors as products are in development: "We're working with them, learning about their process, and teaching them about the cyber aspect of things of what they need to be aware of when they're dealing with software applications," he says.
Davis says NASA doesn't have firm information on how much software is developed in house or on how many programmers are developing it. SAWG hopes to gather that data before or during the education phase in order to have a better idea of what their employees need.
Meg Beasley is an intern with Federal News Radio.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)