Georgia Tech Procurement Assistance Center

Georgia Tech researchers awarded $7.5 million from ONR for secure stack

By

A team of Georgia Tech researchers from the School of Computer Science (SCS) has been awarded $7.5 million from the Office of Naval Research to develop a customized attack-resistant software stack.

SCS Assistant Professor Bill Harris is the principal investigator on the project and is collaborating with Professors Wenke Lee and Alessandro Orso, Associate Professor Santosh Pande, and Assistant Professor Taesoo Kim.

The researchers are working on a technique for reducing what’s known as the attack surface, the total number of ways in which a program can be vulnerable to exploit. Most general-purpose software includes code that not every user needs, and unused code can create an opportunity for exploit for an attacker. Through this research, users will be able to run software in which unneeded code is removed, thus decreasing the vulnerability of the programs they use.

Lee compares the project to a house. “When you build a house, you only really need one door, but the house may still have multiple doors. The number of doors increases the opportunity to break in,” Lee said. “If you only have one door, your house is more secure.”

In order to do this, the researchers are looking at the full stack of software systems, including applications, operating systems, and possibly Internet of Things devices. They are planning to use static and dynamic analysis techniques to determine which pathways through the system different users need. Each researcher has a specific area of expertise:

  • Pande’s focus on compilers will help determine what essential code must be loaded for each user during application execution.
  • Harris’s expertise with static analysis will provide guarantees that the software maintains its integrity despite removed code.
  • Orso will use dynamic analysis and testing techniques to confirm the modified system still functions as expected.
  • Kim will use his expertise in systems to determine which modules can be removed from the operating system without compromising its functionality.
  • Lee will focus on the aspects related to security and use his expertise to analyze and experiment with malware.

Overall, the five researchers have the set of complementary skills needed for the project to be successful. Over the five-year life of the grant, the researchers expect to develop a series of approaches for reducing attack surface that anyone can use on complex systems, as well on low-level code.

“Going back to the house metaphor, the problem is that different people want to use different doors,” Orso says. “Our research will allow users to customize the house for each person so that it contains only the door that person needs.”

Source: http://www.news.gatech.edu/2018/01/12/georgia-tech-researchers-awarded-75-million-office-naval-research-secure-stack

Company that used Russian coders for Pentagon project strikes deal

By

Russian developers did some of the coding work for a Defense Department software system and stored that code inside a server in Moscow, according to a non-prosecution agreement released Monday.

Those Russian coders only worked on unclassified portions of the Defense Information Systems Agency project, but, in some cases, knew they were helping to develop a highly sensitive system that would attach to Defense Department information networks, according to the agreement between the Justice Department and Netcracker Technology Corp., the subcontractor that hired the Russian coders.

The non-prosecution deal ends a criminal investigation against Netcracker that was led by the Justice Department’s national security division and the U.S. Attorney’s Office for the Eastern District of Virginia.

Keep reading this article at: http://www.nextgov.com/cybersecurity/2017/12/company-used-russian-coders-pentagon-project-strikes-deal/144466/

6 companies score $258 million in supercomputing contracts

By

The Energy Department is investing hundreds of millions of dollars in researching powerful but energy-efficient computers.

The department is awarding $258 million in research contracts to six companies developing supercomputing technology. Over the next three years, those companies are expected to build out the hardware, software and applications for an exascale computing system 50 times faster than today’s most powerful computers, according to the Energy Department. The department is aiming to have one exascale system by 2021.

IBM, Intel, Hewlett-Packard, Advanced Micro Devices, Cray Inc. and NVIDIA were awarded research contracts and are expected to invest hundreds of millions of dollars of their own money, bringing the total cost of the project to about $430 million.

Keep reading this article at: http://www.nextgov.com/emerging-tech/2017/06/6-companies-score-258m-supercomputing-contracts/138769

Oracle to leave GSA schedule: A signal of broader change?

By

GSA logoOracle is leaving the General Services Administration’s schedules program. It’s not going to just stop selling directly through the IT schedule, but the software giant will no longer use third-party resellers either, according to multiple sources.

Let that sink in for a second. One of the largest software vendors in the world is telling GSA, thanks, but we can live without you.

Sources said Oracle decided the GSA schedules just weren’t worth the hassle any longer — the compliance requirements, the potential and real threats of False Claims Act lawsuits and the new Transactional Data Reporting (TDR) rule, all played into this decision.

“The federal market is a very small chunk of their business and while it seems big for us, when you look at someone like Oracle’s overall business, they have to expend an exorbitant amount of resources for little payoff,” said Jennifer Aubel, a principal with Aronson Consulting, who said she wasn’t familiar with Oracle’s decision. “With the TDR and even with not having to do price reduction clause reporting, a company like Oracle would still have to do monthly reporting and there is a lot of concerns, including how GSA will keep the data secure.”

Keep reading this article at: http://federalnewsradio.com/reporters-notebook-jason-miller/2016/09/oracle-leave-gsa-schedule-signal-broader-change/

Government contractors could lose key protection, attorneys warn

By

Supreme CourtUnless overturned by the U.S. Supreme Court, a federal ruling threatens to erode a basic protection enjoyed by businesses that contract with the government, according to veteran litigators with national law firm LeClairRyan.

“The plain language of a contract has always meant precisely what it says, not what the government claims it means,” said Thomas A. Coulter, a shareholder in LeClairRyan’s Alexandria and Richmond, Va., offices. “And yet this fundamental principle of contract law could suffer lasting damage — with potentially far-reaching implications for contractors — if the High Court declines to examine, and ultimately reject, the Air Force’s treatment of our client, Distributed Solutions, Inc.”

LeClairRyan submitted a brief on March 10 asking the Supreme Court to take up the case of Distributed Solutions Inc. v. Deborah Lee James, Secretary of the Air Force (15-1157). The contract dispute hinges on whether the Air Force had a perpetual right to use Distributed Solutions’ proprietary software required to successfully run the multi-million dollar purchasing and contract management support system for over 3,500 Air Force activities that operate using Non-Appropriated Funds.

During the course of negotiations, the government drafted and agreed to clearly worded language indicating that its usage rights for the software were valid only for the life of the five-year contract, Coulter explained. However, toward the end of the contract, the government claimed the right to use the software perpetually — with no obligation to pay licensing fees after the contract had ended.

“The meaning of the phrase ‘[t]his modification [which contained the government’s right to use the software] is valid for the entire life of the contract’– language the Government drafted — is clear and unambiguous,” the attorney said, “Despite acknowledging the clarity of its own language, the government later claimed that the language did not mean what it clearly said.”

Distributed Solutions filed an unsuccessful claim with the Air Force. A review board denied the company’s appeal in August 2014. In the review board’s judgment, Distributed Solutions should have avoided the dispute by better explaining its interpretation of the provision in question. The Federal Circuit upheld this view, which runs counter to time-honored legal principles in contract law, said Stephen M. Faraci, a shareholder in LeClairRyan’s Richmond office.

Unless corrected, these judgments could have far-reaching implications for contractors, the attorney said. “Bear in mind, this language was drafted by the government itself,” Faraci noted. “So does this mean that, moving forward, parties contracting with the government will need to inquire about the meaning of language drafted by the government, regardless of the language’s clarity, to avoid the risk that the government later will reverse itself?”

This new expectation for contractors to question the meaning of clear and unambiguous wording will be particularly onerous to small businesses, which are a significant source of innovation for government operations, according to Coulter.  Such an expectation could deter small businesses from entering into government contracts to avoid the expense of employing attorneys to negotiate each word of the contract in order to ensure they can hold the government to its contractual obligations, he said.

Given that government contracts are already voluminous and complex, often with multiple modification provisions, such an expectation would be unprecedented, unworkable and unwise, added Joseph M. Rainsbury, counsel in LeClairRyan’s Roanokeoffice. “Plain contractual language speaks for itself and has always been sufficient, legally,” he said. “Contractors such as Distributed Solutions should not be expected to read between the lines or to inform the government about their interpretations of clearly worded provisions.”

“Should the judgment stand, contractors with proprietary software will have significant concerns about the business costs/risks of developing counteracting contracting language needed to prevent the government from later arbitrarily reinterpreting the intent of plain language that they have previously agreed to,” said Daniel E. Carr, Founder and CEO of Distributed Solutions, which is a small business. “This is particularly true if software innovation is at the core of what the company is and does,” Carr said. “If a company implements for the government an innovative proprietary solution, it simply must know that this will not involve the sudden, unexpected and unfair loss of its precious intellectual property. This kind of overreach might be commonplace around the world, but it is not supposed to happen in the United States.”

Source: http://www.prnewswire.com/news-releases/government-contractors-could-lose-key-protection-attorneys-warn-300250693.html

Software vendors be warned: The old rules may no longer apply to government

By

Software vendors take notice: The General Services Administration (GSA) is proposing a new rule regarding something arcane but important.

GSA logoGSA has identified 15 terms and conditions common in commercial supplier agreements that it considers incompatible with existing federal law. And where there is a conflict, government’s own commercial terms rule. It’s designed to save everyone time. Vendors won’t have to comb their contracts for offending clauses — they just can’t be enforced.

For now it applies to any GSA contract that includes software. But don’t rule out the possibility of the rule going governmentwide.

For example, GSA is forcing an end to automatic renewals of period-limited software licenses or maintenance agreements. Instead, ordering agencies will award one-year with renewal options to be negotiated and re-awarded in subsequent years. The legal basis for this is that a contracting officer may not obligate funds that have not been appropriated, lest he or she be found in violation of the Anti-Deficiency Act.

Keep reading this article for a complete description of all the nullified terms and conditions: http://www.bizjournals.com/washington/blog/fedbiz_daily/2015/04/software-vendors-be-warned-the-old-rules-may-no.html

GSA plans new governmentwide software contracts

By

The General Services Administration plans to create a slate of new blanket purchase agreements with large commercial software publishers to be used governmentwide, according to solicitation documents issued Thursday.

The new contracts will allow agencies to use software from a collection of large publishers based on standard rates negotiated by GSA rather than negotiating purchases themselves.

Officials from GSA’s SmartBUY program and a cadre of software advisers from across the government are seeking input from major publishers as they put the BPAs together, the sources sought document said.

Keep reading this article at: http://www.nextgov.com/cloud-computing/2012/11/gsa-plans-new-governmentwide-software-contracts/59418/?oref=nextgov_today_nl.

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More