Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trustworthy Software For The NSA?

Posted by simoniker on from the secrets-lurking-behind-installer dept.

Janus Daniels writes "There's a new story from the New York Times, as reprinted at CNET News, about security concerns for Government agencies buying software from overseas. According to the article, a whistle-blower who helped sell software to the National Security Agency says that much of the development work is subcontracted to China, raising serious national security risks. He also discovered in the sales-support database... the names of more than 30 [identity-classified] employees of the United States National Security Agency...'"

4 of 229 comments (clear)

  1. Are the subcontractors fully aware.. by Xuranova · · Score: 5, Interesting

    of what it is they're programming, in the sense that do they know they are making a sensitive program for the NSA of the United States? If not then what could be the harm unless a backdoor gets thru unchecked? (I can only hope that some US officials or hired techies DO check this code for backdoors and the like.)

    --
    "There is no real right or wrong, just what the majority accepts at the time."
  2. Total government awareness by aberant · · Score: 4, Interesting

    Those guys at MIT constructing the database on government members should get these names. oh what juicy tidbits of info they would be!

  3. If my experience is any indication... by instantkarma1 · · Score: 4, Interesting

    This is just the tip of the iceberg. I just quit a job (read by choice, not fired) where some of the software created for the DOD was done by mainland Chinese programmers ....without the knowledge of the DOD. This was software which was tied to a backend database containing sensitive information. No, we are not talking nuclear secrets, but it was information which other non-friendly countries to the U.S. (ie anyone by England) would find interesting and useful. I broached the subject numerous times to my employer, who essentially pulled an Alfred E. Nueman (What?!?! ME worry?!?!). Finally, I quit and informed the proper people, washing my hands of the entire mess. While it may sound stupid to quit a high-paying job in this economy, having Bubba has a cellmate made it a lot easier.

    My rambling point is this....the U.S. Government, particuarly the DOD, will be using software made by non-friendly parties with an axe to grind, without ever receiving the source code or knowing who actually wrote the software. And what's more, it's been my experience the bueacracy really doesn't give a sh*t as long as they can pass the buck.

  4. Trusting trust by robindmorris · · Score: 5, Interesting
    I RTA, and the whistleblower claims that the Chinese could have the opportunity to put something malicious into the code. The company claims that work for the US Govt. is not sent out to China. The security agencies say that they audit all outside code anyway.

    The bigger issue is not where the code is written, it's whether you can audit the source yourself (and whether you actually do so.

    See reflections on trusting trust for a nice article about why, if it really matters, you should be careful with other people's code.