Bush’s Top Pick for Security Intelligence Backs Out

According to a story in the Washington Post this morning, the White House’s leading candidate to head the Homeland Security Department’s intelligence arm, James R. Clapper, former director of the Defense Intelligence Agency, has withdrawn his name from consideration, less than two weeks before the department is to open. A spokesman for the National Imagery and Mapping Agency, where Clapper plans to continue working, would not elaborate on why Clapper asked that he not be nominated for the homeland security job. The Post says that Clapper’s withdrawal left the Bush administration without a clear favorite to oversee one of the new agency’s core missions: coaxing often competing intelligence agencies to pool data.

Homeland Security IT Spending

A CNET News.com report says that, according to Congress’ auditing arm, the U.S. government spent at least $2.9 billion in 2002 on information technology related to homeland security and will spend at least that amount again this year. The General Accounting Office released a report yesterday that said that for fiscal 2003, roughly $52.6 billion in IT funding has been requested by the federal government overall; last year’s federal spending on IT was $48.6 billion. The report also said the two-year, $5.8 billion figure for homeland security IT may be low because of potential IT-related costs not captured in the report.

Top 10 Web App Vulnerabilities

An open source security group has put together a list of the 10 most critical web application security vulnerabilities, reports The Register from the U.K. today. The report includes the list, from “invalidated parameters” to “Web and application server misconfiguration,” which the Open Web Application Security Project (OWASP) says is designed to help organizations understand and improve the security of their Web applications and Web services. Although viruses and firewalls steal most of the headlines, OWASP says, Web application code is part of the security perimeter and cannot be ignored.

University of California Under Fire for Lab Mismanagement

A lengthy article in today’s Mercury News details the troubles the University of California regents face over their oversight of Los Alamos nuclear weapons lab and its sister lab in Livermore, which the university has been contracted by the government to manage since 1943. A hands-off management style began 60 years ago with the Manhattan Project and has dragged the nation’s largest university into a series of embarrassing scandals, the most recent of which is a controversy involving credit-card fraud and allegations of cover-up by lab managers worried about preserving the lab’s public image, the Mercury News says. Lab workers say their freedom from management scrutiny has provided fertile ground for scientific research, giving them the benefits of university affiliation without the restrictions. That allows scientists to spend time on the basic science underlying their projects, for example, using computer models to explain how pathogens operate, research relevant to homeland security. On the other hand, the story explains, critics argue that this freedom has provided lab scientists such as physicist Edward Teller unfettered license to lobby the Pentagon, Congress and even the White House for favorite bomb projects. The net effect was to exacerbate the nuclear arms race. Management failures have been described and tabulated many times. In the wake of the Wen Ho Lee spy case three years ago, a presidential advisory board produced a list of 112 studies by the General Accounting Office criticizing the labs for security violations.