Pentagon Issues ‘Do Not Buy’ List for Software

The U.S. Pentagon is in the process of releasing a “Do Not Buy” list for software that does not meet national security standards. This list, whose effective implementation date is pending, places restrictions on both the military and its supporting civilian contractors. However, it is highly likely that the list will expand to other sectors of the U.S. Government as cyber-security concerns continue to escalate.

This “Do Not Buy” list could have profound impacts in the broader civilian sector as the “Internet of Things” (“IoT”, i.e. internet-connected devices) continues to expand into all facets of personal and professional life. As these IoT devices grow in number and sophistication, current security practices need to address how these “things” are used and created. Many IoT devices are driven predominantly by software of less than transparent origin and often lack even the most basic security features. Their vulnerabilities enable them to be easily weaponized in attacks against an intended target. Whether at home or in the office, security practices may need to cover both the adoption of new “things” and how these “things” are built. Moving forward, the civilian sector will need to consider a “Do Not Buy” list of its own.


Mike McWilliams