Assessing Software Quality Using a Risk-Based Methodology

Abstract

On May 12, 2021, President Biden signed the Executive Order on Improving the Nation's Cybersecurity. This order was part of the U.S. Government's response to the well-publicized attacks on SolarWinds and Microsoft software, as well as attacks targeting critical U.S. infrastructure such as the Colonial Pipeline. These attacks, while widely covered in the media, are only a few of the numerous and ongoing attacks on key U.S. assets. President Biden's executive order calls on software suppliers to dramatically improve protective measures within their products to thwart our adversaries. Because today's code quality issues are tomorrow's zero-day (i.e., novel) cybersecurity exploits, the risks posed by poor code quality are now more salient than ever. The SEI has developed a framework for assessing the risk of poor code quality in embedded systems used by the DoD and others. This framework may also be applicable to assessing code quality risks in wider U.S. infrastructure components.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2023
Accession Number
AD1204982

Entities

People

  • Jay Marchetti
  • Michael Riley

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Computer Programming
  • Computer Programs
  • Consistency
  • Copyrights
  • Department Of Defense
  • Embedded Systems
  • Engineering
  • Executives
  • Fault Tolerance
  • Governments
  • Guarantees
  • Infrastructure
  • Materials
  • Security
  • Software Development
  • Standards
  • United States
  • Universities

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Software Engineering
  • Strategic Security Studies

Technology Areas

  • Cyber