The Pentagon is distributing a “Do Not Buy” list of software that fails to meet national security standards. The list was started 6 months ago, but circulation among the military and its contractors started last week in response to “specific issues.” The defense undersecretary for acquisition and sustainment announced that “we are…making sure that we do not buy software that’s Russian or Chinese provenance…quite often that’s difficult to tell at first glance because of holding companies…it’s a huge education process.” An unclassified IC document states that both China and Russia are able to examine the source code of companies selling software abroad. This may allow them to test it and find vulnerabilities that could later be exploited if the software were used in the U.S.
Source: Pentagon Creates ‘Do Not Buy’ List of Russian, Chinese Software – Defense One