Archive for July, 2011

Points of View: Software Assurance

Software Assurance (SwA) is a major area of concern for our systems as the threat focuses more on the mission applications versus the infrastructure now that the Department of Defense (DoD) has hardened the networks and operating system platforms. Among other things, this means that mission applications need to be carefully verified for compliance with information assurance controls that outline the essential discipline required to survive on the modern cyber battlefield. The fact is that the developer, who may be very mature with a Capability Maturity Model Integration (CMMI) level 5, will often use open source or commercial software they did not write. They may include software from vendors with a risky pedigree, or they may have software code writers either on their staff or on the staff of their suppliers who are not really current on how to write secure code.

In order to address these issues, developers and maintainers of software need to implement processes and independent validation routines that will “bake security in” to the software that soldiers need. This is not just about meeting information assurance or security requirements to achieve approval to operate; it is about improving the reliability, integrity, and maintainability of software. If the software fails under attack, it means more than just that a security requirement was not met.

Therefore, code analysis needs to go beyond just peer review. Moreover, validation of software performance needs to go beyond “black box” functional testing. What developers really need is an independent software quality assessment regimen. This regimen will use independent and qualified software professionals that apply not only effective static code analysis tools, but plain good judgment to check the source code. These professionals provide useful metrics and “actionable recommendations” back to both developers and their managers. This allows improvements not just to the code, but to the technique used to write the applications in the first place.

Educating your programmers on the Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) for applications, and teaching them how to apply these practices, could potentially save your organization from running into problems in both deployment and in daily operations. The enemy gets to vote and this means the enemy will attack your software mission applications without mercy. They are in it to win as much as we are!

Recent events have shown how even outstanding organizations with prestigious track records can be seriously compromised by adversaries attacking the soft underbelly of our systems. Acquisition professionals need to ensure that contracts, service level agreements, and performance objectives clearly address software assurance so that the bar is properly set for the effective development, deployment, and maintenance of mission applications.

- Frank Mayer

Frank Mayer is the Acting Deputy Director of Software Support Services at SEC and a retired Lieutenant Colonel in the Army Reserve.


LinkedIn quickly increasing in US popularity

It was recently announced that LinkedIn, a social networking site dedicated to connecting professionals and job-seekers throughout the world, is now the second-most actively used social networking site in the US. LinkedIn, having now surpassed MySpace, is second only to Facebook in popularity.

With so many social networking sites available to users, each with its own goals and merits, it isn’t always easy to determine which to use or whether to use them all. Many folks stay actively engaged in a variety of social media, like maintaining their own blogs, tweeting their day’s events, and finding where their friends are on FourSquare. Others tend to separate their use of social media, depending on their goals. This is likely how Facebook and LinkedIn have risen to such incredible popularity. While most people enjoy sharing their thoughts and daily activities, both private and public, with friends on Facebook, there may be hesitation to share this information with one’s colleagues. Facebook users may find themselves denying friend requests from current and even former colleagues because of this. This is where LinkedIn can be truly beneficial. Users can maintain relationships with co-workers, former supervisors, and contacts they’ve made throughout their careers, without blurring the lines between personal and professional conversation. The varied focus of these social networks is more proof of how social media can expand and enhance our real-life relationships.

Soldiers, particularly, have an opportunity to use social networks to enrich their communication. Active duty soldiers keep in touch with friends and family through social networks by exchanging stories, pictures, video, and more. Here at SEC, we use the SEC Live blog to share our thoughts on technology and innovation, amongst so many other topics. We also use the CECOM Facebook page to make announcements and share news about our organization. We’d like to know what type of social media you’re using. How do you connect, both personally and professionally?


Remembering the true meaning of Independence Day

We all know that on July 4, 1776, legal separation of the original thirteen colonies from Great Britain was declared. However, what everyone doesn’t know is that John Adams had written a letter to his wife Abigail, foreseeing the importance this act would have on the country from then on. The letter read, “I am apt to believe that it will be celebrated, by succeeding Generations, as the great anniversary Festival. It ought to be commemorated, as the Day of Deliverance by solemn Acts of Devotion to God Almighty. It ought to be solemnized with Pomp and Parade, with Shews, Games, Sports, Guns, Bells, Bonfires and Illuminations from one End of this Continent to the other from this Time forward forever more.” Unfortunately, his prediction was off by two days.

Nowadays, Independence Day is celebrated with fireworks, barbecues and political heads attending public events. Military bases even show their appreciation for this day by performing what is known as a “salute to the union,” by firing a gun for each state in the Americas at noon on July 4. Many traditions have developed over the years as a way for people to join together and celebrate this memorable day. Some of these traditions include the Bristol Fourth of July Parade held in Bristol, Rhode Island, which has survived since 1785. Another major tradition involves the Nathan’s Hot Dog Eating Contest in Coney Island, which was developed on Independence Day in 1916 by four men fighting to prove who was the most patriotic. People all over the country unite on this day to remember how lucky we are to have our freedom, and to honor the military for continuing to fight for it. This day goes out to all of the soldiers who are facing the independence war every day and to those who have lost their lives for it.

Remember to enjoy this day with your family and friends and take a moment to keep in mind why this day is so significant in our history. If you have a tradition that you celebrate on Independence Day, don’t be afraid to share it with us. We would love to hear all the different ways everyone chooses to celebrate their 4th of July! Enjoy your holiday!

- Amy Wuyscik, Operations Directorate
