NSA plots software center Manhatten Project

[David Farber <dave () farber net>]

Begin forwarded message:

From: Tom Berson <berson () anagram com>
Date: October 30, 2004 1:17:28 AM EDT
To: Cyberwar () uspcd org
Subject: [PCD Discussion] FW: NSA plots software center Manhatten 
Project
Reply-To: PCD Discussion Forum <Cyberwar () uspcd org>



-----Original Message-----
From: Lin, Herb [mailto:HLin () nas edu]
Sent: Friday, October 29, 2004 8:27 AM
To:
Subject: FW: NSA plots software center


-----Original Message-----


http://www.fcw.com/fcw/articles/2004/1011/web-manh-10-15-04.asp

> The National Security Agency's top information security official
> disclosed plans this week for a government-funded research center
> devoted to improving the security of commercial software, calling the
> initiative a modern-day Manhattan Project.
>
> Comparing the proposed high-assurance software initiative to the
> famous atomic bomb research project of the 1940s, NSA's director for
> information assurance, Daniel Wolf, said the research would focus on
> tools and techniques for writing secure software and detecting
> malicious code hidden in software.
>
> Before NSA officials can create the center, the Defense secretary must
> approve the concept and find money for the project, Wolf said. He gave
> the keynote address at the Microsoft Corp. Security Summit East in
> Washington, D.C., earlier this week. The quality and trustworthiness
> of commercial software has become a matter of increasing concern to
> NSA officials, who are responsible for the security of Defense
> Department and intelligence software. NSA officials anticipate that
> many companies on whose software DOD and intelligence users rely will
> be moving significant portions of their commercial software
> development overseas within a few years.
>
> NSA officials cannot force companies to develop software a certain
> way, Wolf said, "but we would like to get them to a point where they
> are producing commercial products that meet the needs of our users."
> About 95 percent of the agency's desktop PCs run Microsoft's Windows
> operating system, Wolf said.
>
> The high-assurance software center would have a small staff of
> researchers who would work with other researchers at NSA, the Defense
> Advanced Research Projects Agency, the Homeland Security Department,
> the National Institute of Standards and Technology, federally funded
> research centers, academic institutions, and corporations. "We talk
> about something like a Manhattan Project because of the magnitude of
> what we're trying to do," Wolf said.
>
> Creating commercial software of high quality and trustworthiness is
> immensely difficult using existing tools and techniques, he said. "You
> want software that does all the things that it is supposed to do and
> nothing more," he said. It is especially difficult to know whether
> commercial software contains hidden malicious code. Current detection
> tools produce too many false positives, he said.
>
> As an agency, NSA has 50 years' experience with writing cryptographic
> code, Wolf said. "What we bring to the table is the ability to analyze
> software and find vulnerabilities," he said.





_______________________________________________
Cyberwar mailing list
Cyberwar () uspcd org
http://uspcd.org/mailman/listinfo/cyberwar_uspcd.org

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/