Software Supply Chain Risks to DevSecOps Programs

Abstract

New model for software engineering and system operations for DoD. Still being developed and refined as we speak! DevSecOps-based weapons systems have not seen significant use in highly adversarial settings. What happens when they face a confluence of adverse events? Adoption of open-source software vs COTS/GOTS. What are the weak points in DevSecOps software supply chain? What are the worst-case scenarios if these weak points are exploited?

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2021
Accession Number: AD1174680

Entities

People

  • Aaron Reffett
  • Richard Laughlin

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Weapons Technologies

DTIC Thesaurus Topics

  • Commerce
  • Computers
  • Containers
  • Department Of Defense
  • Engineering
  • Governments
  • Infrastructure
  • Materials
  • Mobile Devices
  • Monitoring
  • Normal Distribution
  • Open Source Software
  • Platforms
  • Risk
  • Risk Analysis
  • Security
  • Software Development
  • Supply Chain
  • Telemetry
  • Universities

Fields of Study

  • Computer science
  • Engineering

Readers

  • East Asian Political and Security Studies within the Soviet Union
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Theoretical Analysis.