Department of Homeland Security expresses concerns about software supply chain

The United States government could be rating software manufacturers according to the various components of their supply chains, a homeland security official said earlier this week, according to FierceGovernmentIT.

"There are suppliers in that chain who are people we would not allow into our facilities, but we're just going to take their software and install it? Anybody understand that there's a problem with that?" asked Joe Jarzombek, director for software assurance and global cybersecurity management within the DHS National Cyber Security Division, at a recent leadership conference.

Because government software handles such sensitive and private information, trust must be established with every vendor, manufacturer and parts supplier in the supply chain. However, the ratings aren't intended to blacklist certain vendors - instead, they are designed to identify the suppliers that "require a little bit more due diligence and therefore risk management," Jarzombek explained.

There are a number of security provisions already in place on government software, but John Gilligan, president of the Gilligan Group and a former Air Force chief information officer, said that many suppliers fail to comply with them and the standards are not very strictly enforced.

"Why would you ever buy a product with security features not turned on?" he said.

Strategic Sourceror
