"The Defense Science Board task force assessed the Dept of Defense (DoD) dependence on software of foreign origin and the risks involved. The task force considered issues with supply chain management; techniques and tools to mitigate adverserial threats; software assurance within current DoD programs; and assurance standards within industry, academia, and government. The full report states that there is no absolute guarantee that software can be santizied of all vulnerabilities, intended or unintended, and recommends a suite of processes and mitigation strategies to reduce the risk of interrupted systems performance and ensure mission success." (More details can be found in http://www.acq.osd.mil/dsb, also published in CrossTalk, May 2008, http://www.stsc.hill.af.mil/crosstalk/2008/05/0805DSTF.pdf)
I'd be glad to learn about any projects (or research endeavors), planned or underway, that are aligned with the roadmap in the above report to proactively mitigate system risks and enhance the process maturity for achieving systems software assurance in DoD.