[Met_help] [rt.rap.ucar.edu #82029] History for MET Software Scans

John Halley Gotway via RT met_help at ucar.edu
Wed Jul 10 17:04:09 MDT 2019


----------------------------------------------------------------
  Initial Request
----------------------------------------------------------------

John, last Spring I sent you guys FORTIFY scans of MET Source Code.  These scans are now required here at 557th WW for any software running on our newest computer system.  The MET scans came back with many critical findings.  Some of these are probably legitimate vulnerabilities and some are probably false positives (not really findings in the context of how the software is used).   It appears we might not be allowed to run MET on our new systems unless we have a plan to address MET's critical findings.  We realize this probably will require funding.  Dan Rozema would like to discuss this issue with NCAR - who would be a good point of contact for him to discuss possible funding to fix MET critical findings.

Thanks
Bob Craig
402-294-3186



----------------------------------------------------------------
  Complete Ticket History
----------------------------------------------------------------

Subject: MET Software Scans
From: Tara Jensen
Time: Mon Sep 18 08:41:35 2017

Hi Bob,

Please point Dan to me.  I'll include John and others as needed. My
contact info is listed at the bottom of this email.

Cheers, Tara

On Mon, Sep 18, 2017 at 8:09 AM, robert.craig.2 at us.af.mil via RT <
met_help at ucar.edu> wrote:

>
> Mon Sep 18 08:09:05 2017: Request 82029 was acted upon.
> Transaction: Ticket created by robert.craig.2 at us.af.mil
>        Queue: met_help
>      Subject: MET Software Scans
>        Owner: Nobody
>   Requestors: robert.craig.2 at us.af.mil
>       Status: new
>  Ticket <URL: https://rt.rap.ucar.edu/rt/Ticket/Display.html?id=82029 >
>
>
> John, last Spring I sent you guys FORTIFY scans of MET Source Code.
> These scans are now required here at 557th WW for any software
> running on our newest computer system.  The MET scans came back with
> many critical findings.  Some of these are probably legitimate
> vulnerabilities and some are probably false positives (not really
> findings in the context of how the software is used).   It appears we
> might not be allowed to run MET on our new systems unless we have a
> plan to address MET's critical findings.  We realize this probably
> will require funding.  Dan Rozema would like to discuss this issue
> with NCAR - who would be a good point of contact for him to discuss
> possible funding to fix MET critical findings.
>
> Thanks
> Bob Craig
> 402-294-3186
>
>
>


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tara Jensen
Project Manager II
NCAR RAL and DTC
PO Box 3000, Boulder, Colorado 80307 USA
+1 303-497-8479          jensen at ucar.edu

------------------------------------------------
Subject: RE: [Non-DoD Source] Re: [rt.rap.ucar.edu #82029] MET Software Scans
From: daniel.rozema at us.af.mil
Time: Mon Sep 18 08:59:07 2017

Tara,

Two questions:

1) If funding is available, is your team willing to work the
cybersecurity findings?

2) If the answer to #1 is "yes", do you have a ROM for the cost of
performing the work?

Thanks so much.

Daniel M. Rozema, NH-03, DAFC
Project Manager, Numerical Weather Modeling
AFLCMC/HBAW-OL
Offutt AFB, NE 68113
DSN:  272-6869, Comm:(402) 232-6869
Fax: (402) 232-8210
JWICS:  daniel.rozema at af.ic.gov

"Statement of Limitation of Authority: You are hereby notified that I
do not have the authority to direct you in any way to alter your
contractual obligation. Further, if the government as a result of the
information obtained in today's discussion does desire to alter your
contract requirement, changes will be issued in writing and signed by
the contracting officer. You should take no action on any change
unless and until you receive such a contract modification."





------------------------------------------------

