Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
NASA launches software assurance program
Thursday - 6/24/2010, 7:30pm EDT
Federal News Radio
As cyber threats continue to increase, agencies are looking to software contractors for technologies to help protect their assets. Jerry Davis, NASA's chief information security officer, says that's not good enough.
"The software industry is really one of the only organizations where you can knowingly build a defective product and push it out to a potential buyer and the buyer assumes all the risk," he says.
Davis, who spoke Thursday at an AFCEA panel on the role of the CISO, says buying products that don't interface correctly leads to a cycle of patching applications that is both time consuming and could compromise security.
NASA expects to teach Web developers how to look for and design secure applications. Classes also will focus on how to "design out common vulnerabilities" that are frequently exploited. Davis says Web applications are one of the most common attack vectors against both the government and the private sector.
Davis says SAWG expects to have the courses designed and sent out to its developers by the end of the calendar year.
Next fiscal year, the working group will begin developing tools to protect the vulnerable Web applications that NASA already is using.
"You can't go back and fix them all, so you have to find out a way to protect those legacy applications using certain tools" says Davis.
SAWG functions under NASA's IT Security Division and focuses primarily on applications developed in house, but also will look at new technology from contractors.
Davis says NASA exchanges information with contractors as products are in development: "We're working with them, learning about their process, and teaching them about the cyber aspect of things of what they need to be aware of when their dealing with software applications," he says.
Davis says NASA doesn't have firm information on how much software is developed in house or on how many programmers are developing it. SAWG hopes to gather that data before or during the education phase in order to have a better idea of what their employees need.
Meg Beasley is an intern with Federal News Radio.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)