State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation 2016
Abstract
Nearly all modern systems depend on software. It may be embedded within the system, delivering capability; used in the design and development of the system; or used to manage and control the system, possibly through other systems. Software may be acquired as a commercial off-the-shelf component, custom developed for the system, or embedded within subcomponents by their manufacturers. Modern systems often perform the majority of their functions through software and can easily include millions of lines of software code. Although functionality is often created through software, this software can also introduce risks. Unintentional or intentionally inserted vulnerabilities (including previously known vulnerabilities) can provide adversaries with various avenues to reduce system effectiveness, render systems useless, or even turn our systems against us. Department of Defense (DoD) software, in particular, is subject to attack. Analyzing DoD software to identify and remove weaknesses is a critical program protection countermeasure. Unfortunately, it can be difficult to determine what types of tools and techniques exist for analyzing software, and where their use is appropriate.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 01, 2016
- Accession Number
- AD1106086
Entities
People
- Amy E. Henninger
- David A. Wheeler
- E. K. Fong
Organizations
- Institute for Defense Analyses