IDG News Service - WASHINGTON -- Offshore software development is one factor behind the escalation of exploitable network vulnerabilities, according to testimony at a hearing on network security before a U.S. House subcommittee last week.
Software companies must add more controls to the development process for software produced outside the U.S., said Steve Solomon, CEO of Citadel Security Software Inc. in Dallas.
"Software development organizations should be required to have all overseas-developed software examined for malicious capabilities embedded in the code," Solomon told the House Government Reform Committee's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. "Industry and government must work together to develop some form of standard or review process to address this growing threat."
Solomon's comments were rebutted by representatives from Microsoft Corp. and Juniper Networks Inc.
"It really doesn't matter where software is developed," said Dubhe Bienhorn, vice president of Juniper Federal Systems. "It is a process that requires very tight controls and very intense scrutiny."
Cheap Solution
Solomon defended his comments by pointing out that software vendors see offshore development as "easy and cheap."
"Maybe my colleagues on this panel have [secure offshore] processes in place," he added. "A lot of companies don't."
Rep. Adam Putnam (R-Fla.)
Image Credit: Newscom.com
"We have a very active interest in making sure as many people as possible know about our mistakes and how to fix them," Culp said.
Asked by Putnam if he's satisfied with the patch and alert process Microsoft now has in place, Culp responded that he's never satisfied. "I'd like to send out a lot fewer of those alerts," he said.
Putnam started the hearing by taking both private companies and government agencies to task for not moving fast enough to address continuing cybersecurity concerns. "As a nation, we have taken very dramatic steps to increase our physical security, but protecting our information networks has not progressed at the same pace, either in the public or in the private sector," Putnam said. "I remain concerned that we are collectively not moving fast enough to protect the American people and the U.S. economy from the very real threats that exist today. ... The time for action is now."
False Sense of Security
Solomon also
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
