Vulnerability and Remediation for a High Assurance Web-Based Enterprise

Abstract

A process for fielding vulnerability-free software in the enterprise is discussed. This process combines testing for known vulnerabilities, generic penetration testing, and threat-specific testing with a strong flaw remediation process. The testing may be done by the software developer or by certified testing laboratories. The goal is to mitigate all known vulnerabilities and exploits, and to be responsive in mitigating new vulnerabilities and/or exploits as they are discovered. The analyses are revisited when new or additional threats are identified; these threats are reviewed and prioritized, with mitigation achieved through the flaw remediation process, changes to the operational environment, or the addition of further controls or products. This process is derived from the Common Criteria for Information Technology Security Evaluation and its Common Evaluation Methodology, which cover both discovery and remediation. The process has been modified for the USAF enterprise.


Document Details

Document Type
Technical Report
Publication Date
Apr 28, 2014
Accession Number
AD1123774

Entities

People

  • Coimbatore Chandersekaran
  • William R. Simpson

Organizations

  • Institute for Defense Analyses

Tags

Communities of Interest

  • Biomedical
  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Cloud Computing
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Contracts
  • Department Of Defense
  • Engineering
  • Environment
  • Governments
  • Information Systems
  • Intellectual Property
  • Internet
  • Security
  • Software Development
  • Standards
  • Systems Engineering
  • Test And Evaluation
  • Web Applications

Readers

  • Defense Acquisition Program Management
  • Military Science and Technology Research and Modernization
  • Software Engineering