In prepared testimony before the House Select Committee on Homeland Security's cybersecurity subcommittee last month, NSA information assurance director Daniel Wolf bemoaned an absence of tools capable of scouring program source code and executables for evidence of tampering. "Beyond the matter of simply eliminating coding errors, this capability must find malicious software routines that are designed to morph and burrow into critical applications in an attempt to hide," said Wolf.
The proposed solution: a federally funded think-tank that would include representatives from academia, industry, government, national laboratories and "the national security community," said Wolf, "all working together and sharing techniques."
The link for this article located at SecurityFocus is no longer available.
