As part of its effort to encourage the development and use of more secure software, the federal government is quietly moving toward buying such programs in an expedited way, outside of the normal procurement process.
Software vendors say that some government agencies have begun this process already, and a recommendation in the final version of the National Strategy to Secure Cyberspace encourages more agencies to follow suit.
“The private sector should consider including in near-term research and development priorities programs for highly secure and trustworthy operating systems,” the recommendation reads. “If such systems are developed and successfully evaluated, the federal government will, subject to budget considerations, accelerate procurement of such systems.”
The recommendation is included in a draft of the final version obtained by eWEEK.
Executives at Microsoft Corp. said that some government organizations have already begun using security as a way to expedite the long and often arduous federal procurement process.
“Some government agencies are getting special approval to bypass the purchasing process because of the security of Windows Server 2003,” said Susan Koehler, chief Trustworthy Computing strategist at Microsoft, based in Redmond, Wash.
Although Microsoft has often been criticized—sometimes by the government itself—for the number and nature of vulnerabilities in its operating systems, last year Windows 2000 Professional, Server and Advanced Server were awarded Common Criteria certifications. The certifications, administered by the National Information Assurance Partnership, evaluate a products conformance to accepted standards of reliability and security.
Windows Server 2003, due for release in April, is the companys next-generation server OS and is designed to replace Windows 2000. Its also the first major product that was designed and built within the parameters of Microsofts Trustworthy Computing security push.
In fact, the governments recommendations on this subject use verbatim some of the language that Bill Gates employed to outline the companys vision for the future of secure computing in his e-mail manifesto last year.
“An important goal of cybersecurity research will be the development of highly secure and trustworthy computing systems. In the future, working with a computer, the Internet or any other cyber system may become as dependable as turning on the lights or the water,” the strategy says. Gates memo used the reliability of public utilities such as water and electricity as models for the way that computers should perform in the future.