Open-source software (OSS) may be in the crosshairs of military and government agencies as the U.S. Department of Defense (DOD) evaluates the risks of both free and proprietary software.

Katie Arrington, the DOD’s CIO, issued a memo on May 2 announcing the Software Fast-Track (SWFT) initiative to reform how software is acquired, tested, and authorized. Concerns over increasing campaigns attacking procurement systems and sensitive information leaks are fueling a system-wide review of how software is evaluated, approved, and granted an Authorization to Operate (ATO) within DOD systems.

Arrington set a 90-day timeframe for developing a framework for DOD’s Cybersecurity and Supply Chain Risk Management (SCRM) practices. As part of this effort, the DOD issued multiple requests for information (RFIs) from industry leaders on software security issues.

So far, the DOD has not issued an outright ban on open-source software. However, citing potential security risks, the department has expressed significant concerns about the use of OSS in critical systems.

The DOD declined to answer questions submitted by LinuxInsider about the anticipated role of OSS tools. Previous documents within the DOD suggest a move toward a more security-focused approach to using all software rather than outlawing its use.