What Measures Do Vendors Use for Software Assurance?

Abstract

Books and articles frequently exhort developers to build secure software by designing security in. A few large companies (most notably Microsoft) have completely reengineered their development process to include a focus on security. However, for all except the largest vendors, software security (or software assurance) is a relatively recent phenomenon, and one with an uncertain payoff. In this paper, we examine what real vendors do to ensure that their products are reasonably secure. Our conclusion is that software vendors put significant energy into software security, but there is significant variation in where they invest their money.

Document Details

Document Type: Technical Report
Publication Date: Feb 01, 2009
Accession Number: AD1180054

Entities

People

  • Jeremy Epstein

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Biomedical
  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Best Practices
  • Commerce
  • Computer Programming
  • Computer Programs
  • Computers
  • Cybersecurity
  • Electronic Commerce
  • Governments
  • Motivation
  • Operating Systems
  • Procurement
  • Product Development
  • Security
  • Software Assurance
  • Software Development
  • Training

Fields of Study

  • Computer science
  • Engineering

Readers

  • Database Systems and Applications
  • Economics
  • Organizational Process Management (OPM)