Slashdot Mirror


US Needs Secure Coding Office

Trailrunner7 writes "If the United States wants to remain competitive in the global economy and prevent widespread penetrations of its strategic, corporate, and commercial networks, enterprises and government agencies should stop relying on commercial software and go back to writing more of their own custom code. 'If we're going to maintain our place in the world, software is not a strategic problem, it is the strategic problem going forward,' security expert Marcus Ranum said in a speech Tuesday. 'Covert penetration becomes something that you think about on a five, 10, or 20-year scale. Why don't we have a government coding office? We have a government printing office. Why don't we have a strategic software reserve? Our own software is probably a greater threat to us than anything other people can do to us.'"

5 of 236 comments

  1. Re:OpenBSD by abigor · Score: 3, Interesting
  2. We do by greenbird · Score: 3, Interesting

    Why don't we have a government coding office? We have a government printing office. Why don't we have a strategic software reserve?

    We do. It's called open source. And it's run by a militia just like the one that started this country.

    --
    Who is John Galt?
  3. Re:This idea is dumb. by Ephemeriis · Score: 3, Interesting

    Meh.

    Just mandate genuinely open source software for all government work.

    You don't have to rely on your government to analyze code and submit the fixes back to the original author - anyone can look at the code. And you don't have to rely on the original author to incorporate the fixes - anyone can. And you don't have to trust that the binaries you're running actually match the code you're looking at - just compile your own.

    The big problem with all of this isn't necessarily that the code is crap or anything like that... It's that the stuff is closed-source. We're basically trusting that the code does what it is supposed to, and we've got very little ability to verify that.

    --
    "Work is the curse of the drinking classes." -Oscar Wilde
  4. Re:Agreed by binarylarry · Score: 4, Interesting

    Working at NASA is like working in the game industry, it's the coolest gig around and attracts tons of people which creates more competition and ultimately drives salaries down.

    --
    Mod me down, my New Earth Global Warmingist friends!
  5. No kidding. by sean.peters · Score: 3, Interesting

    For every example of software failures discussed above, you can come up with a fine example of a government system that worked great. I'm not going to spend a lot of time digging up examples, but here's one: the Navy's Aegis Combat System. Aegis is just Skynet's littler (and nicer) brother - it's vastly complex, and under certain circumstances is capable of conducting difficult anti-air battles more-or-less autonomously. It detects, tracks, and engages subsurface, surface, air, and ballistic missile threats. And yes, this was a program run by the government.

    As the parent points out, the common thread in massive software implementation failures isn't that the customers were government agencies - it's that they didn't have their requirements nailed down before they started shoveling money at their problems. There's plenty of that going on in the private sector as well.