A Systemic Approach for Assessing Software Supply-Chain Risk

Abstract

In today's business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vulnerabilities, and malicious code will be inserted into a delivered software product. As a result, effective risk management is essential for establishing and maintaining software supply-chain assurance over time. The Software Engineering Institute (SEI) is developing a systemic approach for assessing and managing software supply-chain risks. This paper highlights the basic approach being implemented by SEI researchers and provides a summary of the status of this work.

Document Details

Document Type
Technical Report
Publication Date
Feb 01, 2003
Accession Number
AD1171124

Entities

People

  • Audrey J. Dorofee
  • Carol C. Woody
  • Christopher J. Alberts
  • Rita Creel
  • Robert J. Ellison

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Acquisition
  • Computer Programming
  • Computer Programs
  • Contracts
  • Engineering
  • Environment
  • Geographic Regions
  • Life Cycles
  • Reliability
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Software Development
  • Standards
  • Supply Chain
  • System Of Systems
  • Systems Engineering
  • United States
  • Vulnerability

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity.
  • Defense Technology Research and Development.
  • Software Engineering.