Defense Science Board Task Force on Mission Impact of Foreign Influence on DOD Software, Report of the Defense Science Board Task Force on Mission Impact of Foreign Influence on DOD Software (Sept. 2007) (full-text).
The Task Force studied foreign influence on DOD software. It found that the Department of Defense faces a difficult quandary in its software purchases in applying intelligent risk management, trading off the attractive economics of COTS and of custom code written offshore against the risks of encountering malware that could seriously jeopardize future defense missions. The current system designs, assurance methodologies, acquisition procedures, and knowledge of adversarial capabilities and intentions are inadequate to the magnitude of the threat.
The Task Force recommended the use of an intelligent risk management process to ensure a trusted supply chain, mitigate malicious attacks, enable efficient responses, and maintain trustworthiness in the software that supports DOD's critical missions. The Task Force also made recommendations in the areas of procurement, intelligence, quality and security assurance, acquisition, research and development, and the national agenda.