By Mathew J. Schwartz InformationWeek December 03, 2012
Does commercial, off-the-shelf software or hardware contain built-in backdoors to give foreign attackers direct access to corporate or government networks, or pose some other type of information security risk? The Department of Defense wants to find out.
The Defense Advanced Research Projects Agency (DARPA) Thursday published details of its new Vetting Commodity IT Software and Firmware (VET) program, which the agency said is designed to find “innovative, large-scale approaches to verifying the security and functionality of commodity IT devices — those commercial information technology devices bought by DOD — to ensure they are free of hidden backdoors and malicious functionality.”
DARPA’s new program seeks to overcome three current, related technical challenges associated with that task: identifying which capabilities in a device could be malicious; using that list as a checklist to assess if any given device actually is malicious; and then using that knowledge to allow a non-technical expert to test every instance of every device before it gets rolled out in a Department of Defense network.
“DOD relies on millions of devices to bring network access and functionality to its users,” said DARPA program manager Tim Fraser in a statement. “Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread. The most significant output of the VET program will be a set of techniques, tools and demonstrations that will forever change this perception.”