Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trustworthy Software For The NSA?

Posted by simoniker on from the secrets-lurking-behind-installer dept.

Janus Daniels writes "There's a new story from the New York Times, as reprinted at CNET News, about security concerns for Government agencies buying software from overseas. According to the article, a whistle-blower who helped sell software to the National Security Agency says that much of the development work is subcontracted to China, raising serious national security risks. He also discovered in the sales-support database... the names of more than 30 [identity-classified] employees of the United States National Security Agency...'"

8 of 229 comments (clear)

  1. This will probably be said 22241515 times... by ascalon · · Score: 3, Insightful

    ... but if they are afraid of untrustworthy software they really should hire someone to make them a custom open source solution. Or something. Yeah.

  2. Even if its in the U.S. by Goalie_Ca · · Score: 5, Insightful

    ...who's to say that there might not be spies writting the software anyways. Can't the NSA write their own source code. They've already contributed selinux.

    --

    ----
    Go canucks, habs, and sens!
  3. One of the problems of commercializing government. by BWJones · · Score: 4, Insightful

    Given the recent push to commercialize various aspects of government, this is one of the potential pitfalls. Businesses will subcontract work to the lowest bidder and eliminate one of the internal controls that many government software projects have had in the past.

    --
    Visit Jonesblog and say hello.
  4. Re:Trusting trust by FredThompson · · Score: 5, Insightful

    A common misconception is that the NSA buys/evaluates software the same way Joe Blow does.

    I've been there and written code. Got a joint service commendation medal for software work for nuke command & control. The review process for critical code is excruciating.

    This article is a lot of FUD.

    Did you notice they don't make ANY claim whatsoever about what TYPE of software development? Hmmmm...that's interesting.

    It's always possible espionage can happen. Having said that, there's a LOT that goes on at the NSA. Look at the publicly available pictures of the headquarters building. Ever wonder what it takes to feed and supply people and keep it clean?

    There are different levels of software oversight, just as in the "outside" world. Yes, IRTA, and all I see is what looks like someone who was outside the loop making FUD statements about what's inside the loop.

    Did you notice this doofus hasn't been on the job that long? Did you notice he was "alarmed" that the names of people were available? Well, duh!!

    If you need to contact someone because you're contractually obligated to them, don't you need to know who they are and how to reach them? My family could pick up the phone and call me at work anytime they wanted and they met a lot of the people I worked with. This guy has watched too much TV. How does he think contrators communicate with the NSA? Trap doors and dead drops?

    FWIW, I've never used or owned a shoe phone. Nor did we talk under a cone of silence.

    Personally, I like "Alias" but let's get real, everyone doesn't sneak around through hidden doors with code names.

    To my eyes, this guy didn't have access to much of anything. Maybe he wanted to get into the secure side of the development and was refused. Hmmm..ya think?

  5. It's a government agency, what's the shock? by AxelTorvalds · · Score: 5, Insightful
    I've wondered about this for years. In some circles they talk of the near mystical powers the NSA must have and how they must be like 20 years more advanced than the private sector. Every time I've dealt with the feds and IT stuff I'm amazed we're doing as well as we are because it is such a cluster fuck.

    Why should the NSA be any better? Why would the best of the best go there when they can make a whole lot of money in the private sector? I'm not just talking about the mathematicians, computer guys and cryptographers either, you need the top notch managers to run those groups and deal with the compartmentization that goes on while still motivating and producing top quality results. I could see the government rounding up geeks and math guys, I couldn't see them cultivating that leadership or hiring much of it.

    Honestly, I think their biggest thing is that they never get tired or run out of resources. That's how the FBI caught the unabomber, they just kept looking and looking and looking and then they got him. There are textbook methods and approaches to security. Their ciphers have looked like they simply follow them and are extremely conservative and diligent.

    1. Re:It's a government agency, what's the shock? by maelstrom · · Score: 3, Insightful
      "That's how the FBI caught the unabomber, they just kept looking and looking and looking and then they got him."

      Only half right. The FBI did not get tired of looking for him, but that is not what lead to his capture. The fact that the unabomber got cocky, published his manifesto and the feds got lucky enough that his brother had the moral fortitude to turn in his own brother.

      The FBI deserves almost no credit for catching the unabomber. Even their much vaunted behaviorial profiles were off the mark.

      --
      The more you know, the less you understand.
  6. What an odd set of posts.... by Osrin · · Score: 3, Insightful

    Like all secret service orgs the NSA has many arms dealing with various levels of classification and security. If you want to know more about them just go to http://www.nsa.gov, if you want a collection of names of people who work there go to http://www.nsa.gov/releases/speeches.html, learn who they are and feel free to digest all that they have to say. This is the story of a guy who was fired for missing his performance goals, he should be laughed at not heralded as a hero. I'm not sure anybody really cares about the 30 procurement execs that he found in his companies CRM system. You can bet your bottom dollar that any contractors working on secret systems will have been vetted, depending upon the classification level there is a good chance that the vetting will go down to employee level. I therefore have to assume that the work that Platform are doing is non-essential, I for one am glad to see the Government spending our dollars a little more wisely than they would be if they applied the highest level of security regulations to all of their systems.

  7. Re:NSA, CIA, HSA... by Red+Warrior · · Score: 3, Insightful

    anything that can't be known by the public, even after the fact, probably shouldn't be done.
    I'm sure that the Afgahn nationals passing on intelligence to the CIA fully agree with you. The Taliban and AQ wouldn't hold a grudge.
    I'm sure the British agent(s) who infiltrated the IRA agree wholeheartedly. Why, after 10 years, they could all get together and share a pint down at the pub.
    Likewise, the informant who decides to turn in a mob boss.

    I'm just about as libertarian and pro-transparency as the next guy...But We DO live on earth.

    --
    "If, therefore, any be unhappy, let him remember that he is unhappy by reason of himself alone."
    ~Epictetus