Abstract

With the enormous growth of offshoring software R&D, a concern has arisen that the U.S. may be taking a national security risk by sourcing its software needs to a global innovation network. Offshoring may increase the possibility that malicious parties access software code to steal information, insert harmful code, or carry out other threats. We investigate whether firms that provide software for U.S. defense and critical infrastructure applications perform R&D offshore. Within a sample of 137 U.S.-based firms that submitted software for "Common Criteria" (CC) certification, we found that more than half offshored at least some of their software R&D to a variety of locations, including India, China, and Russia. Active CC participants, as well as larger firms, offshored more. We also investigate reasons given by IT managers for offshoring; a common refrain is that it does not matter where this software is written.

Recommended Citation

McHenry, William K. and Carmel, Erran (2008) "Potential Threats of Offshoring Software R&D: An Analysis of U.S.-Based Firms that Use "Common Criteria" Certification," Journal of Homeland Security and Emergency Management: Vol. 5 : Iss. 1, Article 6.
Available at: http://www.bepress.com/jhsem/vol5/iss1/6