The Software Industry's "Clean Water Act" Alternative

Abstract

With water we have trust that qualities harmful to its intended use are not present. In order to avoid a regulatory "solution" to problems with "contaminants" that endanger software's intended use, the industry needs to put in place processes and technical methods for examining software for the contaminants that are most dangerous given the intended use of specific software. The Common Weakness Enumeration (CWE™) [1] offers the industry a list of potentially dangerous contaminants to software. Common Weakness Scoring System (CWSS™) [2] and Common Weakness Risk Analysis Framework (CWRAF™) [3] provide a standard method for identifying which of these dangerous contaminants would be most harmful to a particular organization, given the intended use of a specific piece of software within that organization.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2012
Accession Number: AD1108590

Entities

People

  • Robert A. Martin
  • Steven M. Christey

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Biomedical
  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Application Software
  • Authentication
  • Commerce
  • Computer Languages
  • Computer Program Documentation
  • Computer Programming
  • Computers
  • Computing Devices
  • Control Systems
  • Electronic Commerce
  • Environment
  • Environmental Pollutants
  • Environmental Protection
  • First Responders
  • Governments
  • Groundwater
  • Health Services
  • Medical Personnel
  • Risk
  • Risk Analysis
  • Vulnerability
  • Web Browsers
  • Websites

Fields of Study

  • Engineering

Readers

  • Environmental Engineering
  • Software Engineering