Department of Defense policies are not addressing the risk of foreign software developers inserting malicious code or backdoors that could jeopardize weapons systems, concludes a new Government Accountability Office (GAO) report. GAO investigators found that "11 of the 16 software intensive weapon systems we reviewed did not make foreign involvement in software development a specific element of their risk management efforts." Pentagon officials agreed with many of the GAO's findings, and pointed out that "risk attributable to software vulnerabilities are not limited to foreign suppliers." @ Knowledge of Software Suppliers Needed to Manage Risks" is below.Gao04678_Weapons0904.pdf