COTS: Now maybe a four-letter word
Software products now include code that was developed offshore and may contain malicious code that threatens U.S. critical infrastructure and mission-critical defense and intelligence systems.
How many people remember business before COTS? For those of you scratching your heads, that stands for commercial-off-the-shelf.
COTS is the acronym associated with a government initiative that, at the time, was a radical departure from custom-designed and -developed products for use inside the government. The U.S. military was infamous for developing detailed requirements for the products they sought. Remember the mil-spec? The driving force behind the movement to commercially available software was without a doubt cost reduction. All indications are the initiative worked and there were serious savings over custom design and development.
Times have changed. Many software products now include code that was developed offshore. In addition, many companies outsource the development of software that are embedded in their products or support services. Many supporters of outsourcing point to the old term “trust but verify” when it comes to offshore software development, but that is easier said than done. Many of these applications are millions, if not tens-of-millions, of lines of code and finding a malicious routine within that large of a code base is complex, time-consuming and costly.
Perhaps it is time for all software applications that are used in our critical infrastructure or in mission-critical defense and intelligence systems be developed within the shores by trusted U.S. citizens.
NEXT STORY: Crypto rules changing for ID cards