Trustworthy Software For The NSA?
Janus Daniels writes "There's a new story from the New York Times, as reprinted at CNET News, about security concerns for Government agencies buying software from overseas. According to the article, a whistle-blower who helped sell software to the National Security Agency says that much of the development work is subcontracted to China, raising serious national security risks. He also discovered in the sales-support database... the names of more than 30 [identity-classified] employees of the United States National Security Agency..."
...who's to say that there might not be spies writing the software anyways. Can't the NSA write their own source code? They've already contributed SELinux.
Given the recent push to commercialize various aspects of government, this is one of the potential pitfalls. Businesses will subcontract work to the lowest bidder and eliminate one of the internal controls that many government software projects have had in the past.
A common misconception is that the NSA buys/evaluates software the same way Joe Blow does.
I've been there and written code. Got a joint service commendation medal for software work for nuke command & control. The review process for critical code is excruciating.
This article is a lot of FUD.
Did you notice they don't make ANY claim whatsoever about what TYPE of software development? Hmmmm...that's interesting.
It's always possible espionage can happen. Having said that, there's a LOT that goes on at the NSA. Look at the publicly available pictures of the headquarters building. Ever wonder what it takes to feed and supply people and keep it clean?
There are different levels of software oversight, just as in the "outside" world. Yes, IRTA, and all I see is what looks like someone who was outside the loop making FUD statements about what's inside the loop.
Did you notice this doofus hasn't been on the job that long? Did you notice he was "alarmed" that the names of people were available? Well, duh!!
If you need to contact someone because you're contractually obligated to them, don't you need to know who they are and how to reach them? My family could pick up the phone and call me at work anytime they wanted and they met a lot of the people I worked with. This guy has watched too much TV. How does he think contractors communicate with the NSA? Trap doors and dead drops?
FWIW, I've never used or owned a shoe phone. Nor did we talk under a cone of silence.
Personally, I like "Alias" but let's get real, everyone doesn't sneak around through hidden doors with code names.
To my eyes, this guy didn't have access to much of anything. Maybe he wanted to get into the secure side of the development and was refused. Hmmm..ya think?
Why should the NSA be any better? Why would the best of the best go there when they can make a whole lot of money in the private sector? I'm not just talking about the mathematicians, computer guys and cryptographers either, you need the top-notch managers to run those groups and deal with the compartmentalization that goes on while still motivating and producing top quality results. I could see the government rounding up geeks and math guys, I couldn't see them cultivating that leadership or hiring much of it.
Honestly, I think their biggest thing is that they never get tired or run out of resources. That's how the FBI caught the Unabomber, they just kept looking and looking and looking and then they got him. There are textbook methods and approaches to security. Their ciphers have looked like they simply follow them and are extremely conservative and diligent.