Ask Your Question
0

Is there any official documentation to confirm that Wireshark is TAA Compliant?

asked 2022-11-30 12:55:45 +0000

updated 2022-11-30 16:49:42 +0000

cmaynard gravatar image

New requirement at job requires all major software update requests come with documentation confirming TAA Compliance in accordance to U.S. Federal government standards. Wireshark has now updated beyond 4.x which will require me to submit a request for approval to use this software on our enterprise. Approval will not occur unless proof of TAA compliance accompanies the submission. Any assistance with this would be greatly appreciated.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-12-01 02:28:51 +0000

Guy Harris gravatar image

OK, so when it comes to Trade Agreements Act compliance for software, the US General Services Administration published "Commercial Software and the Trade Agreements Act (TAA)".

That document, dated 2015, states that

The current threshold for the applicability of the Trade Agreements Act (for a supply or service contract) is $203,000.

Given that the price for Wireshark is $0, it seems unlikely that Wireshark will ever cross that threshold.

As for the "country of origin", the aforementioned document states that

Software may consist of components from various countries, and the components may also be compiled in a different country.

Wireshark has contributions from a lot of countries, including some that are not in the list of Designated Countries in that document and that are probably still not in that list. I'm not sure what "compiled" means there, but if it means "run through the compiler", I suspect that was done either in the US or a Designated Country.

I don't know whether we have any official document about TAA compliance and, given the above, I wouldn't be surprised to find that we don't; @Gerald Combs, do we have anything?

edit flag offensive delete link more

Comments

Thank you for this response. I will provide this to the reviewers of my request.

light_foot16 gravatar imagelight_foot16 ( 2022-12-02 13:41:12 +0000 )edit

We don't have any official TAA compliance statement, but the official Wireshark packages are built in the US, and the main distribution point (www.wireshark.org) is in the US as well.

Gerald Combs gravatar imageGerald Combs ( 2022-12-02 22:06:37 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-11-30 12:55:45 +0000

Seen: 305 times

Last updated: Dec 01 '22