- By Matthew French
- Jul 19, 2004
On Oct. 30, 2002, Defense Department officials issued the Interim Defense Acquisition Guidebook, which contained the following security rules for when foreign nationals participate in software development:
Vendors must indicate whether foreign nationals participated in any way in software development, modification or remediation.
Foreign nationals employed by contractors or subcontractors to develop or modify software code for DOD must have security clearances equal to the level of the program in which the software is being used.
Primary vendors on DOD contracts may have subcontractors that employ cleared foreign nationals who work only in a certified or accredited environment.
DOD software with coding done in foreign environments or by foreign nationals must be reviewed by software quality assurance employees for malicious code.
Vendors that demonstrate efforts to minimize the security risks associated with foreign nationals will be given preference during the contracting process in product selection or evaluation.
Software quality assurance employees must check software sent to locations not directly controlled by DOD or its contractors for malicious code when it is returned to the DOD contractors' facilities.
This guidance acknowledges the additional risks associated with using foreign nationals in software development, but the procedures listed are not mandatory and, according to the guidebook, are to be used at the discretion of acquisition program managers.