
Is there any official documentation to confirm that Wireshark is TAA Compliant?


New requirement at job requires all major software update requests come with documentation confirming TAA Compliance in accordance with U.S. Federal government standards. Wireshark has now updated beyond 4.x which will require me to submit a request for approval to use this software on our enterprise. Approval will not occur unless proof of TAA compliance accompanies the submission. Any assistance with this would be greatly appreciated.

light_foot16
asked 2022-11-30 12:55:45 +0000
cmaynard
updated 2022-11-30 16:49:42 +0000

1 Answer


OK, so when it comes to Trade Agreements Act compliance for software, the US General Services Administration published "Commercial Software and the Trade Agreements Act (TAA)".

That document, dated 2015, states that

The current threshold for the applicability of the Trade Agreements Act (for a supply or service contract) is $203,000.

Given that the price for Wireshark is $0, it seems unlikely that Wireshark will ever cross that threshold.

As for the "country of origin", the aforementioned document states that

Software may consist of components from various countries, and the components may also be compiled in a different country.

Wireshark has contributions from a lot of countries, including some that are not in the list of Designated Countries in that document and that are probably still not in that list. I'm not sure what "compiled" means there, but if it means "run through the compiler", I suspect that was done either in the US or a Designated Country.

I don't know whether we have any official document about TAA compliance and, given the above, I wouldn't be surprised to find that we don't; @Gerald Combs, do we have anything?

Guy Harris
answered 2022-12-01 02:28:51 +0000

Comments

Thank you for this response. I will provide this to the reviewers of my request.

light_foot16 (2022-12-02 13:41:12 +0000)

We don't have any official TAA compliance statement, but the official Wireshark packages are built in the US, and the main distribution point (www.wireshark.org) is in the US as well.

Gerald Combs (2022-12-02 22:06:37 +0000)