Slashdot Mirror


US Needs Secure Coding Office

Trailrunner7 writes "If the United States wants to remain competitive in the global economy and prevent widespread penetrations of its strategic, corporate, and commercial networks, enterprises and government agencies should stop relying on commercial software and go back to writing more of their own custom code. 'If we're going to maintain our place in the world, software is not a strategic problem, it is the strategic problem going forward,' security expert Marcus Ranum said in a speech Tuesday. 'Covert penetration becomes something that you think about on a five, 10, or 20-year scale. Why don't we have a government coding office? We have a government printing office. Why don't we have a strategic software reserve? Our own software is probably a greater threat to us than anything other people can do to us.'"

5 of 236 comments

  1. Hmm... what would it be called? by Anonymous Coward · · Score: 1, Informative

    I know! Let's call it the National Security Agency... and they could do things like work on securing our systems. Take Linux for example... maybe they could create a more secure environment... and call it SE Linux...

    Nah... that's silly...

  2. Re:Agreed by 1729 · · Score: 4, Informative

    There's a third issue: salaries. Programming talent is used to Silicon Valley pay grades, not military pay grades. How many employees would be willing to leave their current position and take a 50% pay cut to work for the government? Would you be willing to trust the code of someone working for $40K/year?

    Actually, there are a lot of government programming jobs that pay decently. I work at a government research lab, and the pay is competitive with industry (though no stock options, etc.), and I've seen a lot of FBI/NSA/CIA job postings for computer scientists that advertise 6-figure salaries.

  3. Re:Poor comparison by phantomcircuit · · Score: 3, Informative

    Actually yes there was a big push for COTS software in government a while ago. The idea was that it would reduce costs, but it was a short term cost reduction with a long term significant cost increase. The problem is that those doing procurement often are not responsible for long term negative effects, because they will be long gone.

  4. Re:Spending is the goal by AndersOSU · · Score: 3, Informative

    Government doesn't expand in terms of power and revenue because it's getting better, it expands because the economy is expanding.

    http://www.nationalpriorities.org/Federal%20outlays%20and%20revenues

  5. Not a case for tinfoil by betterunixthanunix · · Score: 4, Informative

    Take a look at Reflections on Trusting Trust, where Ken Thompson basically admitted to introducing a backdoor into a commercial operating system by hacking the compiler. The conclusion of the paper, in his own words, was not to trust commercial software to be secure -- the only secure code is code you control from the ground up. That paper was published in 1983.

    --
    Palm trees and 8