December 21, 2020 11:34 am

How Do US Government Agencies Verify Security Software from Private Contractors?

A recent article at Politico argues that the U.S. government "doesn't do much to verify the security of software from private contractors. And that's how suspected Russian hackers got in."

The federal government conducts only cursory security inspections of the software it buys from private companies for a wide range of activities, from managing databases to operating internal chat applications. That created the blind spot that suspected Russian hackers exploited to breach the Treasury Department, the Department of Homeland Security, the National Institutes of Health and other agencies...

Attacks on vendors in the software supply chain represent a known issue that needs to be prioritized, said Rep. Jim Langevin (D-R.I.), the co-founder of the Congressional Cybersecurity Caucus. "The SolarWinds incident... underscores that supply chain security is a topic that needs to be front and center," Langevin said.... He said Congress needs to "incentivize" the companies to make their software more secure, which could require expensive changes. Some others are calling for regulation.

Private companies regularly deploy software with undiscovered bugs because developers lack the time, skill or incentive to fully inspect them.

Long-time open source advocate Steven J. Vaughan-Nichols argues another issue is the closed-source nature of SolarWinds' software:

Proprietary software — a black box where you can never know what's really going on — is now, always has been, and always will be more of a security problem. I would no more trust anything mission critical to proprietary software than I would drive a car at night without lights or a fastened seat belt... A fundamental open source principle is that by bringing many eyeballs to programs more errors will be caught. That doesn't mean all errors are caught, just a lot more than those by a single proprietary company... Just consider the sheer number of serious Windows bugs — does a month go by without one? — compared to those of Linux... In short, proprietary software companies, like SolarWinds, are still making huge security blunders, which are hidden from users until the damage is done.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/gU-Ks2Y8Nd0/how-do-us-government-agencies-verify-security-software-from-private-contractors
