Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Does Offshoring Threaten Combat Software? 247

Posted by kdawson
from the pentagon-pondering dept.
PreacherTom writes, "Pentagon officials report that 'maliciously placed code' could compromise the security of the Defense Department and, ultimately, hurt its ability to fight wars. The culprits: offshore programmers. While the Pentagon has stepped up its vendor screening and software testing of late, it's becoming more difficult and costly to test every line of software code on increasingly sophisticated weapons systems. The task force assigned to this issue will be soon presenting its report, and most likely will determine that offshoring presents too great a risk."
This discussion has been archived. No new comments can be posted.

Does Offshoring Threaten Combat Software?

Comments Filter:
  • Offshoring will save costs,m and ensure that overseas developers, often with considerably greater knowledge of these systems will be able to develop them. the risks are totalyl negligible. I say we petition the government to offshore more development.

    Yours - Cylon number 6
    • overseas developers, often with considerably greater knowledge of these systems will be able to develop them
      I think thats the real issue here. The US military and defence industries (should really be called attack industries now) spend a fortune developing advanced weaponry and they are probably less than amused that a bunch of indian/chinese/durkastani developers have such detailed knowledge of their systems and potential weaknesses.
      • Re: (Score:3, Informative)

        by soft_guy (534437)
        The US military and defence industries (should really be called attack industries now)

        At one time, the US had a "War Department" and a "Secretary of War". Sometime in history, we changed the name to "Department of Defense" and "Secretary of Defense". This happened about the time we stopped using the army for actual defense of the country and instead started using it to bully the rest of the world.
        • Re: (Score:2, Insightful)

          by gb506 (738638)
          This happened about the time we stopped using the army for actual defense of the country and instead started using it to bully the rest of the world.

          Let's see now, who have we directly bullied since the War Department became the DoD?

          North Korea - fuzzy, cuddly little things they are, what with the gulags, starvation, totalitarianism, etc.

          North Vietnam - stict followers of peace and non-aggression, them. Never hurt a flea.

          Grenada - after cuddly little Cubans took over the island nation by force and

          • by plopez (54068)
            N. Vietnam - in 1919 *and* 1946 Ho Chi Mihn approached the allies asking for help to get his nation peacably freed from the French. Denied both times. Millions died, Vietnam got its independence and is now becoming a friend of the US.

            Grenada - poltical turmoil. Reagan needed a quick victory to cover his ass after getting over 300 marines killed in Lebanon.

            Iraq II - Bush lies about terrorist links and WMD's to bolster up his flagging machismo. Invades, makes a mess of things and destailizes the region. On th
          • Iraq - warm and fuzzy Saddam invades neighbor and appears to have desire to go to Saudi, potentially throwing geopolitical and economic stability to the sewer.
            Saddam was our ally during the cold war. He had WMD because we supplied them.

            Afghanistan - Wonderfully cordial and free thinking taliban, harboring terrorists and disallowing sports, music, games, education for women, etc. Bullies we were!!!
            We supplied weapons to the Taliban during their long fight against Soviet occupation. The cold war took preceden
            • by drinkypoo (153816)

              Iraq - warm and fuzzy Saddam invades neighbor and appears to have desire to go to Saudi, potentially throwing geopolitical and economic stability to the sewer.

              Saddam was our ally during the cold war. He had WMD because we supplied them.

              I remember comic genius Bill Hicks talking about this, he compared it to Jack Palance throwing the gun down at some guy's feet in some movie (you can see how well I remember, obviously) and saying "Pick it up" (jack palance face here) "No Mister, I don't want no troubl

            • by Dhalka226 (559740)

              Wow. This is a fairly clever troll. Just enough to seem like you're actually involved in the discussion, but in fact you're just baiting readers into some unrelated anti-American rant. Clever!

              Saddam was our ally during the cold war. He had WMD because we supplied them.

              We supplied weapons to the Taliban during their long fight against Soviet occupation.

              A lot of dictators were armed and trained by the United States.

              That's what, 75% of your points? To every single one of them I say: SO WHAT?

              They ar

          • Even if some of these examples are cases of a justifiable aggression, they are aggression - and not defence. The real point, that the semantics are Orwellian in their irony, still holds, even if some case can be made for some of the interventions (and, of course, you happily exclude those interventions in Latin America which are incontrovertibly indefensible.)
          • by soft_guy (534437)
            You listed a few of the good examples of the bullying to which I referred. Thanks for proving my point.

            You're also a hopelessly twisted moonbat with a phase inverted worldview.

            Thanks, I'll take that as a compliment coming from you.
        • by kz45 (175825)
          "At one time, the US had a "War Department" and a "Secretary of War". Sometime in history, we changed the name to "Department of Defense" and "Secretary of Defense". This happened about the time we stopped using the army for actual defense of the country and instead started using it to bully the rest of the world."

          If you mean, bullying countries that are a direct threat to the world, then yes. The problem isn't that the U.S. is a bully..it's that no other country will step up to the plate.

          If other countrie
      • > I think thats the real issue here. The US military and defence[sic] industries (should really be called attack industries now) spend a fortune developing advanced weaponry

        Correct.

        > ...and they are probably less than amused that a bunch of indian/chinese/durkastani[sic] developers have such detailed knowledge of their systems and potential weaknesses.

        Ah, you missed it. Who misses out if software development goes offshore? American software development companies -- so they drum up some xenophobic sent
    • You know, the whoosh the previous posters heard was the joke going completely over their heads.

      (Hint: the signature should be a dead giveaway.)
    • by pilgrim23 (716938)
      In the early 20th century, domestic arms production was a prestige thing for most countries. The thought being that in the event of war, supplies of needed material would be interrupted if the factory was not at home. The political ramifications were prickly too; Example: The Austro-Hungarian Empire had standardized on the model 1907 Roth Steyr pistol for their cavalry but as the "Dual Monarchy" needed to apease various factions, the armory for this weapon was set up in Vienna and duplicated completely i
  • FTA:"We're happy to use Microsoft"

    Some people never learn. [wikipedia.org]

    Maybe they could just ask to see the source code and audit it themselves, or just use software with the source code available. Its not as though they need to write it themselves, just be able to examine the source code. If they don't want to, well, they get what they deserve.

    • Wow. That's pretty bad. Entering a zero into a field causes the ship's propulsion to die because some programmer, and all his reviewers, couldn't be bothered to check for zero in a division algorithm.

      That's par for the course for MS. Remember the expandable menus? Hope you didn't hover your mouse a moment too long before clicking -- you might have saved your document when you were looking for the page setup.

      But then, I've seen it in open source too. Not monitoring the critical paths closely enough. Ha
      • by joto (134244)

        Entering a zero into a field causes the ship's propulsion to die because some programmer, and all his reviewers, couldn't be bothered to check for zero in a division algorithm.

        Well, that's probably because the programmer didn't write the division algorithm himself. I may be going out on a limb here, but I believe the programmer may have used a built-in operator from the programming language he was using, the operator being called "/".

        But seriously, these sort of things happen. And in fact, at the time

        • Well, that's probably because the programmer didn't write the division algorithm himself. I may be going out on a limb here, but I believe the programmer may have used a built-in operator from the programming language he was using, the operator being called "/".

          Very funny, asshole. I was talking about the function that contained that "/". *That* function should have made sure all denominators would be non-zero. That part of the package is most certainly *not* experimental. On that task, basic programmi
    • by PFI_Optix (936301)
      "In September 21, 1997 while on maneuvers off the coast of Cape Charles, Virginia, a crew member entered a zero into a database field causing a divide by zero error in the ships Remote Data Base Manager which brought down all the machines on the network, causing the ship's propulsion system to fail."

      I'm not sure what Microsoft had to do with bad data entry.
      • I'm not sure what Microsoft had to do with bad data entry.


        Well, really bad data entry validation. Which would be the fault of the author of the database front-end. Whether that was Microsoft or a U.S. Navy software development team is unknown based on that article.
    • WinNT did not fail. On a test platform, not an operational ship, running non-release versions of software: A client application accepted incorrect input. A server application accepted this bad data, performed a bad calculation, and corrupted it's database. Client apps that tried to use this database crashed. These events are OS independent, the same thing would have happened under MacOS X or Linux. The publisher of the original article that blamed WinNT later distanced themselves from the article calling it
      • A server application accepted this bad data, performed a bad calculation, and corrupted it's database. Client apps that tried to use this database crashed. These events are OS independent, the same thing would have happened under MacOS X or Linux.

        Yeah, because *every* OS out there fails to check for valid input, and in fact, *must* fail to check for valid input.
        • by Z34107 (925136)

          Yeah, because *every* OS out there fails to check for valid input, and in fact, *must* fail to check for valid input.

          Um, Operating Systems don't do that kind of input validation. They can't. Believe it or not, some programs actually use zeroes - and they have to mingle peacably on the same OS with programs that don't allow zeroes.

          The OS has no way of knowing what input is valid for each program - only the program knows that. It's the job of the program's creator to check for bad input - like division b

          • True. In that respect, I erred. I guess an OS's only line of defense against programs that crash, is not to shut down vital systems and disable manual overrides.
            • True. In that respect, I erred. I guess an OS's only line of defense against programs that crash, is not to shut down vital systems and disable manual overrides.

              You are still erring. The OS does not control vital systems or manual overrides. That what applications do. Furthermore you seem to have missed the detail that this was a test platform running without safeguards to see what would go wrong.

              What the software developer said:

              "McKelvey adds that the crash would not have happened if the navy had
        • by 2short (466733)

          Well, that's an odd way of putting it, but yes, exactly. The OS can't possibly check for valid input. The problem reported was not a Windows-specific problem any more than it was a steel-hulled-ship-specific problem.
    • by wtansill (576643)

      Maybe they could just ask to see the source code and audit it themselves, or just use software with the source code available. Its not as though they need to write it themselves, just be able to examine the source code. If they don't want to, well, they get what they deserve.

      Not good enough. See Ken Thompson's argument [acm.org] that any code that you cannot contol with 100% certainty cannot be trusted. Even if the source is clean, the compiler, JVM or the like may insert malicious code that cannot be detected

  • by Control Group (105494) * on Thursday November 02, 2006 @11:39AM (#16690031) Homepage
    "Pentagon officials report that 'maliciously placed code' could compromise the security of the Defense Department and, ultimately, hurt its ability to fight wars. The culprits: offshore programmers. While the Pentagon has stepped up its vendor screening and software testing of late, it's becoming more difficult and costly to test every line of software code on increasingly sophisticated weapons systems. The task force assigned to this issue will be soon presenting its report, and most likely will determine that offshoring presents too great a risk."
    Blaming "offshoring" is a neat wave of the bloody shirt, but I don't think it's relevant to the problem. Take the word "offshoring" out of that quote, and replace it with "outsourcing." Does it still make sense? Let's see:

    "Pentagon officials report that 'maliciously placed code' could compromise the security of the Defense Department and, ultimately, hurt its ability to fight wars. The culprits: offshore programmers. While the Pentagon has stepped up its vendor screening and software testing of late, it's becoming more difficult and costly to test every line of software code on increasingly sophisticated weapons systems. The task force assigned to this issue will be soon presenting its report, and most likely will determine that outsourcing presents too great a risk."

    Looks like it does.

    If the problem is that there aren't enough resources (including time) to do a sufficiently thorough audit of all the code, then it doesn't matter where the code was written, does it? Do we really suppose that a malicious actor would have that much harder a time getting a job for a DoD contractor in the US than overseas? Do we really suppose that it would be that much more difficult to suborn a programmer overseas than here?

    Or, more accurately, is it enough more difficult in either case for us to be confident of code written inside the country as opposed to outside?

    It's not that I do think that offshored code is trustworthy, it's that I don't think "onshored" code is. And if we can't trust either, what does offshoring have to do with anything?
    • by Sancho (17056)
      There are levels of trust just like there are layers of security. Outsourced code is probably a little bit safer than offshored code, not to mention having economic benefits. It's also easier to prosecute people on our shores. We can't afford to go to war with China if we find something malicious in code/hardware that comes from that country.
    • Re: (Score:3, Interesting)

      by Ana10g (966013)

      Do we really suppose that a malicious actor would have that much harder a time getting a job for a DoD contractor in the US than overseas? Do we really suppose that it would be that much more difficult to suborn a programmer overseas than here?

      Yes and yes (good word, by the way, had to look up "suborn"). We may not have the man power here to conduct a thorough, line by line audit, but we do have legions of background investigators. And, it's currently illegal for a non-US citizen to hold a security cle

      • by bfields (66644)

        And, it's currently illegal for a non-US citizen to hold a security clearance, for good reason (you cannot let the fox into the hen house, after all).

        So Canadians, French, Japanese, are "foxes", and americans are all "hens"? I don't get the analogy here.

        We may not have the man power here to conduct a thorough, line by line audit, but we do have legions of background investigators.

        And they prevent employees from writing crapp code, how?

        • by Ana10g (966013)

          And they prevent employees from writing crapp code, how?

          The discussion isn't about preventing crap code, actually (at least from what I've read today). It's about keeping the code secure from outside espionage, malicious entries by foreign entities, and the like. To prevent authoring of bad code, you'll have to stop writing code altogether. For every good programmer, there's probably 10 to 15 average ones, and for every average coder, there's probably 25 - 30 crappy ones. You really can't prevent thi

    • by bfields (66644)

      Or, more accurately, is it enough more difficult in either case for us to be confident of code written inside the country as opposed to outside?

      No, no, you don't understand. See, the word is divided into the 300 million people who live inside our borders and the 6 billion outside. Every single one of the 300 million insiders is a patriotic hard working american who could never write any insecure code, intentionally or not; only the outsiders are suspect. Any rare exceptions to this rule are therefore c

    • Re: (Score:3, Interesting)

      by thermopile (571680)
      Here's why the US government is so concerned about someone hiding a trojan horse inside sensitive code: The U.S. has done it to other countries before.

      Click here [ranum.com] for a fascinating article describing how the CIA and FBI managed to sell to the Soviets some chips with bungled operations "hidden" in the chips, to be used for their shiny, new Trans-Siberian natural gas pipeline. The result was the largest non-nuclear explosion ever seen from space.

      What goes around, comes around, and the government is get

    • by feepness (543479)
      Do we really suppose that a malicious actor would have that much harder a time getting a job for a DoD contractor in the US than overseas?

      I guess you don't, but yes, I suppose so.

      Not that I care all that much either way.
    • If the problem is that there aren't enough resources (including time) to do a sufficiently thorough audit of all the code, then it doesn't matter where the code was written, does it? Do we really suppose that a malicious actor would have that much harder a time getting a job for a DoD contractor in the US than overseas? Do we really suppose that it would be that much more difficult to suborn a programmer overseas than here? Or, more accurately, is it enough more difficult in either case for us to be confi

      • Maybe we have some greater confidence in US code. But US origin doesn't get you all that much more confidence.

        The problem is that a large portion of the software the DoD uses is commercial off-the-shelf stuff. Those usually aren't written by contractors who've been investigated or cleared. So even if DoD banned use offshore-produced software, a foreign entity might not have that hard of a time infiltrating some US software company. It wouldn't take many such saboteurs if they were placed in the right co
    • Of course on-shore developers could also indtroduce similar flaws. Heck, even DOD certified developers with a clearance working directly for the pnetagon could do the same.

      But there are levels of probabilty of this occuring. It's much less probably that a small group of well-screen on-shore programmers wil lintroduce issues than a facility in another country where the governemtn has no control or visibility into hiring, or systems deployment, or even tunnels under a building for that matter!

      Not using offs
  • by inviolet (797804) <slashdot AT ideasmatter DOT org> on Thursday November 02, 2006 @11:40AM (#16690055) Journal

    ...what if they'd offshored WOPR?

    "How about a nice game of Chinese Checkers?"

    • by pilkul (667659)
      Your joke would've worked better with Chinese chess, since "Chinese Checkers" was invented in Germany.
  • I am all for cutting costs where need be, but there should be a line drawn somewhere. Send the web app that tracks sales of a company offshore. Dont send software that the department of defense uses offshore. At the very least, you buy 'accountability'. I dont know how easy it would be to track down the person who worked on the program in a difference country.
  • New tag: "noshit" (Score:3, Insightful)

    by Kadin2048 (468275) <slashdot.kadin@x[ ].net ['oxy' in gap]> on Thursday November 02, 2006 @11:40AM (#16690059) Homepage Journal
    I'm glad the Pentagon finally woke up to reality, where maybe it's not such a hot idea to pay some Indian contract programmers a few bucks an hour to write the firmware for your cruise missiles.

    I'm not sure of the exact law, but I believe there is one which basically says, all U.S. defense procurement must come from domestic sources, unless it's some exceptional item that can only be purchased abroad. Maybe we need a law like that for government contracting and outsourcing. Unless there's a demonstratable reason for having to do it offshore, it shouldn't be.
    • by Bishop (4500)
      The US law requiring domestic sources is written in a such a way that the primary contractor can purchase equipment from a foreign source. The princinple behind the law is sound: governments should prefer spending money in the domestic economy. Unfortunately the effect of the law is to insure that the big defence contractors get a cut of any defence spending regardless of the work done domestically.
    • Maybe we need a law like that for government contracting and outsourcing.

      Why on earth would anybody (except the lucky government contractors) need that? And if there were something good about this idea, why wouldn't it be even better to ban all foreign spending by all private entities? There is nothing about a "tax dollar" that makes it different from any other dollar once it is spent.

      No, there may be some security reasons for restricting military spending, but the economic interests of America and American

  • I imagine they were probably more concerned with other issues like foreign programmers who could easily be hired to work on other military projects for rivals. They'd even have large parts of the source available while programming on such systems and even if they didn't create backdoors they could still try and hack the system later if there was a change in their situation.
  • ...there has never been anyone located in the United States that has worked on a sensitive project and worked to compromise its success and otherwise betray the US to enemies. So, obviously, offshoring is the only concern, not the complete inadequacy of the testing and verification procedures at the Pentagon.

  • It's not clear to me what software the Government is outsourcing or has outsourced or is considering. But it does seem they have at least dabbled in weapons systems and other software related to warfare being offshored. I can think of reasons this isn't a good idea...

    • first (and maybe most importantly) if we are creating and structuring a defense system for our country, why would we ask others to write the software? Would be outsource our soldiers for the military?
    • relatedly, when there are wars, why wo
  • Inconsistency (Score:5, Interesting)

    by Flying pig (925874) on Thursday November 02, 2006 @11:47AM (#16690177)
    The UK government buys military equipment from the US which contains software which it is not permitted to review, and indeed for which it may not be allowed the latest version. And we are supposed to be about the only real international friend the US can rely on.

    And this software which we are not allowed to review may have been written by offshore programmers who will know perfectly well that they are doing the job because they are cheaper, and have absolutely no patriotic investment in the US?

    I wonder how many other global empires have been brought down by the desire to make a quick buck?

    • by kbielefe (606566)

      The UK government buys military equipment from the US which contains software which it is not permitted to review

      I can't speak for other projects, but the UK government is definitely allowed to review the software my department writes for military equipment they purchase, and you may rest assured that they do a thorough job of it.

      If there are any projects that don't permit code review, it is because the UK government didn't insist on it in the contract. The U.S. government doesn't rely on security by obs

    • by mnmn (145599)
      I'd say more global empires have been brought down by focusing on the wrong issues, racism and by corruption.

      Its people within the global empire trying to make a quick buck at the cost of the empire (Weapons and aerospace companies).

      Bibliography:
      Roman Empire
      Mongol Empire
      USSR
  • There is an old military saying that goes something like, "Do not worry about your weaknesses, the Enemy will be more than happy to demonstate them to you." - Unknown
  • a maliciously place car can kill someone, too. So maybe we should remove all cars?

    Simply put, don't use offshore devs --- its all in the contracts. you know the ones that result in tolit seats costing thousands of dollars....

    If defence programming is going to be open to companies anywhere in the world, then what exactly are you defening against?
    • The $600 hammers are a consequence of the vagaries of the contract.

      Naysayers don't point out that the $15 million system was delivered for $15 million.

      They don't point out that the "screw" was "99.1% titanium with .012" thread, unique bit on top" - one of 21 produced for the entire project.

      They don't point out that the 2 million dollar wing was sold for 1.6 million (tho the $15 million plane was still $15 million).

      Huge abuses exist- but some of them are not as bad as the news media makes them out to be.
  • by britneys 9th husband (741556) on Thursday November 02, 2006 @12:15PM (#16690627) Homepage Journal
    Maliciously placed software code is already weakening our military and hurting its ability to effectively fight wars. And that code was developed by Diebold right here in the USA.
    • by shking (125052)
      Maliciously placed software code is already weakening our military and hurting its ability to effectively fight wars

      It's a conspiracy to sap and impurify all of our precious bodily fluids [imdb.com]!

  • Of course offshoring combat software opens a greater likelihood of threat! Duh! That doesn't mean that home grown coders won't ever betray trust either, but if we can spend billions of dollars on rockets and bombs, then surely we can spend what it takes to use our own developers to write and test combat software! The very thought of important defense software being written in foreign countries, that may or may not remain friendly, is patently absurd. There are just some things you should do for yourself.
    • by prockcore (543967)
      That doesn't mean that home grown coders won't ever betray trust either


      True, but homegrown coders can be held accountable. Try convincing the indian government to hand over one of its citizens so we can prosecute him for espionage.
  • The basic liberal (in the commonly used sense) position on globalization isn't that it is bad in principle. It is just bad when it connects us to places with very low standards for human and labor rights.

    While we have our own home grown terrorists (Timothy McVeigh, Richard Reid, Ted Kaczynski et al), the condition of human rights and economic development in low wage, low cost countries poses a particular security concern, not only for military contracting but for commercial espionage. I'm not concerned ab
  • Here's what scares me: The Intelligent Platform Management Interface [intel.com] (IPMI) and the Remote Management and Control Protocol. [microsoft.com] (RMCP). Many machines in the field implement these protocols in the network controller, independent of the operating system.

    These are UDP-based protocols, on port 623. They can be sent from anywhere on the Internet; not just local machines. They provide total power over the target computer. Functions include:

    • Change boot device for next boot, including boot from network.
    • Turn
  • I really, REALLY hope this pisses you Americans off, because it's got me pretty fuming. If this makes it to CNN or something otherwise, I'll write my reps, but seeing as midterms are next week, I won't do it just now. My state is about to have a lame duck or two.

    Let's see the issues here.

    - The government took jobs away from Americans to try and save money.

    Then, since they didn't think it through,

    - The government failed to adequately protect its people by allowing foreigners, possibly enemies, to write code
  • by Kostya (1146)
    I'm so glad to already see a bunch of comments to the effect of "well duh!" I've been wondering how long it would take the military's strong sense of self-preservation to kick in. It's one thing to be all for free markets to the extent of selling out your own population. But when you give away your military advantages to you potential adversaries for a quick market gain ...

    A friend of mine and I have both been wondering when the US policy on off-shoring would change. My constant source of confusion is h
  • ZeroWing joke in 5 .. 4 .. 3 ..
  • by mritunjai (518932)
    I think this problem applies to all software out there.

    One has bigger problems than malicious people planting trojans if they can't audit every line of their "mission critical" software OR hardware.

    Would you trust your respirator and other hospital life support system to unaudited code whether or not it has been written by malicious people ? If not, then why should anyone trust his defense system ?

    I remember there was a story long back about "intelligent guns" that identify their owners. No one thought it'd
  • It's about knowing that the developer isn't a known criminal or terrorist, doesn't have ties with criminals or terrorists, isn't blackmail-able, and can be punished under US law. How can you possibly verify this with a foreign developer?
  • The idea that any US military hardware or software is produced outside of the US is idiocy. Let's hope the US never has to count on its ability to manufacture anything the next time a madman tries to take over the world.
    • I've worked in the defense industry. Yes, the idea is idiocy. That's why all software actually used in military systems is written by citizens with security clearences. I have no idea what this article is talking about, or their supposed Pentagon sources.

      I once couldn't bring a prototype device into a classified area until we replaced a software driver made in England. And trying to use IP cores for FPGAs from overseas? One giant headache.

      And I advise against using a blurb in BusinessWeek as "proof" of

  • is that techniques we used against the Soviets during the Regan Era [msn.com] may also be used against us if we're not careful? Say it ain't so!
  • America needs a few crushing military defeats in the wars it unnecessarily initiates. That's the only way to stop Pentagon from engaging in wars for all sorts of ridiculous, made up reasons and Joe Sixpack from approving whatever BS he hears on TV. Think about it, the US has been in war with someone practically for half a century already if not more. The only two of these wars that were justified were WWII and Afghanistan. In all the others the US wasn't even remotely threatened so the wars were designed to
  • How many countries there are in the world that outsources their defensive software ?
  • "Pentagon officials report that 'maliciously placed code' could compromise the security of the Defense Department and, ultimately, hurt its ability to fight wars. The culprits: offshore programmers. While the Pentagon has stepped up its vendor screening and software testing of late, it's becoming more difficult and costly to test every line of software code on increasingly sophisticated weapons systems. The task force assigned to this issue will be soon presenting its report, and most likely will determine
  • it's becoming more difficult and costly to test every line of software code

    What do you mean, "more difficult and costly to test every line?" Every line, or close to every line, darned well ought to have test coverage before you commit it to your source code repository, let alone delivering it to the customer. And properly factored and coded classes and modules should be testable in isolation. If the cost of testing -- and, presumably, the cost of change -- is increasing drastically as the system size

  • No country... I'll repeat NO GODDAMN COUNTRY has a "right to fight a war". They have rights to DEFEND, AT HOME, not "take a war to da enemy".

    More lines of code should fall under scrutiny. But, I am sure some enterprising devs will find a way to improve the automated scanning and maybe even run the stuff in infinite-scenario virtual machines to look for signal injection hijacking and other techniques. But, war is not only suppose to be costly, it should be so frightening that most sane people will refuse to
  • by Sinical (14215)
    Okay, here's the only specifics I saw in the article:


    This includes not just software for computers and networks but, in some cases, programs for military aircraft, missile guidance, and battlefield management systems.


    Okay, I can believe that "battlefield management systems" could have some commercial junk that came from somewhere, but otherwise I find large parts of this less than convincing.

    About the missile guidance part I say: bullshit. Hell, for a lot of missiles, particularly older ones, the processor
  • You do not want the US to just take code from the US.

    That will mean no Windows. But it will also mean no BSD, no Linux and I would doubt QNX or vxworks etc.

    To have EVERYTHING audited down to the programmers' parents, you'd have to do it in the US and pay for it all from scratch. That means a new highly proprietary software that costs a heck lot and comes with more bugs than Wince.

    Ideally they should choose the most audited and high quality OS (regardless of who developed it), and build proprietary and secre
  • Think hardware.

    When all the hubbub was going on about Dubai buying US ports. Our government sold them 7 military plants on US soil.

    Then there are all our politicians, who it is so very difficult to tell if they are incompetent or working for some other foreign power to weaken the United States. Since it is so hard to tell, I have to ask; "what would be the difference?"

    I don't think the world works the way we think it does, with pitched armies, and Communists plotting against Capitalists. I think it's just v

Keep your boss's boss off your boss's back.

Working...