Wednesday, September 16, 2009

Boeing's Statement On My "Malicious Code" Story

Just got this response from Boeing to my report on the controversial "malicious code" clause in the P-8I contract. This is a statement from Dr Vivek Lall Vice, President and India Country Head, Boeing Integrated Defense Systems. Here it is:

In your story, "Is Indo-US plane deal a compromise?" (India Today, Sept 11), you leave readers with the impression that a "potentially explosive clause" in the contract India signed for the purchase of eight Boeing P-8I aircraft will allow an unnamed US entity to inject malicious code into the aircraft operating software. In fact, the purpose of the clause is quite the opposite. The malicious code clause, signed by Boeing with full concurrence, intentionally protects India against injection of any malicious software that could inhibit the desired and designed function of the equipment, or cause it physical damage. The Government of India stipulated the requirement, and by signing the contract, Boeing is agreeing it will not include, nor allow third parties to include any malicious software in the delivered system. Boeing has passed this requirment down to our suppliers. Boeing takes this contractual requirement extremely seriously as our company reputation and operation demands the highest ethical behavior. [STATEMENT ENDS]

However, the report on Headlines Today more to do with the following excerpt from the contract:

"In the event of nonconformance or defect attributed to malicious code, Buyer’s sole and exclusive remedy is to require Seller to modify the hardware and/or software to remove the malicious code or to replace the malicious code with code that is not malicious code."


Anonymous said...

Kindly do verify the following information
Israelis had found malicious code in their F-16's. They having a matured military industrial complex were able to track the malicious code and fix it.

Anonymous said...

The referenced clause is boilerplate in all such agreements. Wipro, Infy, TCS all agree to such clauses in agreements with their customers.

Shiv, I'm a bit disappointed that you have created a mountain out of a molehill. I hope you will maintain your usual journalistic standards in the future and not fall into the trap of sensationalizing trivia to create visibility and traffic.

I think you are a definite cut over the screaming headless chickens that usually report on Indian defence matters. Let's keep it that way.

Anonymous said...

Regardless of any clarifications, the truth remains even the long trusted allies like Israel and tail-wagging vassals like Aussies have found bugs. Why would our purchases be any different?

If you found the malicious code then their liability is JUST to fix it. Basically inject another undetectable one.

There should be a STIFF monetary penalty if a malicious code is found. Any future participation for defence contracts should require that company to first CLEAR any outstanding penalties.

Anonymous said...

basically the P8I poseidon is a flying duck for the IDAS system of the U-214s of pakistan. with the IDAS system P8Is will be shot down like ballons.

the money spent on buying P8I poseidons could have been better utilized had india bought the U-214

the honest question is can the P8I destroy a U-214 400-metres under water depth ????? we all know the answer to that one NO, No & NO.

Then why waste ypur money on the P8I poseidon ????

Anonymous said...

Timur, the lame, the invader had a desire to ride the Elephant which he saw in India. So his men fetched a mahout with the elephant.

Timur lane: Mahout, give me the reins of this animal

Mahout: Sire, this animal does not have any reins. I will drive it for you

Timur lane: Bring me down, bring me down

Mahout: Ok sir. But why?

Timur lane: I don't want to ride an animal WHOSE REINS I DON'T HAVE IN MY OWN HANDS.

What Timur the lame understood in 14th century, I hope our Indian babus understand in THIS century.

Anonymous said...

Shiv, Good job bringing it up and following on. Looking forward to more of good reporting.

@Anonymous2 "The referenced clause is boilerplate in all such agreements. Wipro, Infy, TCS all agree to such clauses in agreements with their customers"

If one of TCS/Wipro's clients goes bankrupt because of a malicious code, that is all it will be, a dead civilian company. Its not going to be end of their country or economy.

In what world of "risk analysis" would a "failing civilian company" equal to "defeated India"? There is something called context that is very important in any assessment.

Anonymous said...

Vivek Lall is lying. You were correct in your overall assesment Shiv, Vivek is obfuscating the issue so that the gullible media will sell US side of story and allow the purchase of Boeing aircraft unhindered.

Anonymous said...

oh no ! shiv, what have you done? you have just killed your chance of co-piloting the P8I, my boy ! all these years of cozying upto Boeing for F-18 flights and exclusive snippets from P8 assembly bay has gone careful in future ,lad...remember ,we are expecting you to fly the F-22 into Indian soil one day.