Strengthening US DoD Cyber Security with the Vulnerability Market.

摘要

In the past decade, the DoD and defense contractors have witnessed an immense theft of intellectual property which originated inside and outside our borders. So how do these thefts occur when the DoD has one of the most secure and defended networks in the world. Every year, the DoD upgrades their IT systems, allows new applications to connect to the network, and reconfigures the enterprise to gain efficiencies. While these actions are often in support of the warfighter and securing national security interests, they also introduce new system vulnerabilities that lie in wait to be exploited. Often, these vulnerabilities are discovered when the system is already deployed and too late to stop a leak of sensitive information. A proactive approach is needed to identify possible system vulnerabilities prior to fielding when the costs to fix a bug are much less. This paper recommends that the DoD adopt an Information and Software Assurance tactic that has recently grown in popularity; the vulnerability market. Through use of the vulnerability market, DoD can ensure that information security is built into the application layer, minimize the number of patches distributed, and optimize the investment in defense programs.