
Military invests in tool for worm-proofing warfighter apps

The military is funding software that will exploit weaknesses in Android mobile applications to test the tools’ security before releasing them in a forthcoming warfighter app store, contract documents show.

The Defense Advanced Research Projects Agency, since May 2010, has been developing an online Android app store for troops on the battlefield, and now the agency wants to ensure any tools loaded into the marketplace are worm-proof. So the government has awarded a disabled veteran-owned small business called Aderon LLC a $73,879 contract to help build testing software. The security tool is slated to be released 12 months from now, according to the government’s procurement database.

The software “will expose potential security vulnerabilities through fault injection” -- the introduction of errors into code -- as well as enforce access controls, the documents state. And it will “scan, annotate, modify and instrument Android mobile application software” to comply with Defense Department security requirements. When flaws are detected, the program will alert software analysts to the problem and help them fix the bugs.

The testing software also must be able to analyze third-party app libraries invoked by the Android tool. The work will be performed through the National Institute of Standards and Technology computer security division. NIST began vetting contractors less than a month ago. Aderon will design the program in-house and occasionally meet with NIST officials at the agency’s Gaithersburg headquarters.

The forthcoming app store is intended to slash the traditionally lengthy process of acquiring and updating information technology for national security missions. The downloadable mobile tools are expected to support service members with, among other tasks, command and control of military systems, intelligence gathering, surveillance and language translation.

In June, the Pentagon released a mobile device strategy that offered top-level policy guidance on the use of smartphones and tablets, but offered no specifics on how to secure them for use on Defense networks.
