The Briefing Room

General Category => Military/Defense News => Topic started by: rangerrebew on April 05, 2024, 03:17:10 pm

Title: How to fix the military’s software SNAFU
Post by: rangerrebew on April 05, 2024, 03:17:10 pm
How to fix the military’s software SNAFU
Too many of its apps are built on code riddled with vulnerabilities—and distributed by the Pentagon itself.
JOHN SPEED MEYERS | APRIL 4, 2024 04:16 PM ET

The only institution more mired in acronyms than the U.S. military is, in my experience, the software industry. The former’s thorough embrace of the latter is reflected, for example, in this recent piece by serious commentators that includes a four-page glossary. To be sure, software’s ability to supercharge military operations makes this alphabet soup palatable—but it also conceals a dangerous security SNAFU.

If software is to be more of a benefit than a liability, its inevitable flaws must be spotted and fixed before they can be exploited by China, Russia, and other adversaries. Unfortunately, in an analysis I conducted of popular open source software made available by the Pentagon for its units and contractors to use, there is strong evidence that the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.

Fortunately, the U.S. military, elected leaders, and the public don’t need to accept this situation as normal. There are technical and organizational solutions that would allow the military to embrace software safely. Creating safe and toil-free software requires, at a minimum, rethinking the links in the military’s software supply chain and preferring software that is rapidly updated. It also requires reconsidering the idea that there should be a single, free military-run repository of safe software. The software industry loves the idea of a “single source of truth,” but this totalitarian thinking, which military bureaucracies sometimes prefer too, is a recipe for disaster in the fast-moving world of software.

https://www.defenseone.com/ideas/2024/04/how-fix-militarys-software-snafu/395489/
Title: Re: How to fix the military’s software SNAFU
Post by: rangerrebew on April 05, 2024, 03:19:13 pm
It would appear either the software techs at the Pentagon are incompetent or traitors. :pondering:
Title: Re: How to fix the military’s software SNAFU
Post by: DefiantMassRINO on April 05, 2024, 04:09:23 pm
There's no single, perfect solution.

Those that need near-real-time software innovation need to establish incubators or skunkworks that emphasize rapid innovation and extensibility.

Sooner or later, the finance and compliance guys will come knocking to put an end to your orgy of innovation.
Title: Re: How to fix the military’s software SNAFU
Post by: Timber Rattler on April 05, 2024, 04:42:32 pm
It would appear either the software techs at the Pentagon are incompetent or traitors. :pondering:

DoD no longer has any.  Most of its RDT&E labs have been closed during the various BRAC rounds and the RDT&E work outsourced to the contractors themselves.