Non-Malicious Taint: Bad Hygiene is as Dangerous to the Mission as Malicious Intent

Abstract

Success of the mission should be the focus of software and supply chain assurance activities regardless of what activity produces the risk. It does not matter if a malicious saboteur is the cause. It does not matter if it is malicious logic inserted at the factory or inserted through an update after fielding. It does not matter if it comes from an error in judgment or from a failure to understand how an attacker could exploit a software feature. Issues from bad software hygiene, like inadvertent coding flaws or weak architectural constructs are as dangerous to the mission as malicious acts. Enormous energies are put into hygiene and quality in the medical and food industries to address any source of taint. Similar energies need to be applied to software and hardware. Until both malicious and non-malicious aspects of taint can be dealt with in ways that are visible and verifiable there will be a continued lack of confidence and assurance in the delivered capabilities throughout their life-cycle.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Feb 01, 2014
Accession Number
AD1107757

Entities

People

  • Robert A. Martin

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Commerce
  • Computer Languages
  • Computer Programming
  • Department Of Defense
  • Department Of Homeland Security
  • Engineering
  • Failure Mode And Effect Analysis
  • Governments
  • Homeland Security
  • Information Systems
  • Language
  • Law
  • Life Cycles
  • National Security
  • Security
  • Software Assurance
  • Standards
  • Supply Chain
  • Supply Chain Management
  • Systems Engineering
  • Training
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Educational Psychology
  • Software Engineering.