A Framework for Managing Security Risk Across the Lifecycle and Supply Chain

Abstract

Software is everywhere. You're getting a software platform. Software is part of almost everything we use. Software defines and delivers component and system communication, and software is used to build, analyze, and secure software. All software has defects: best-in-class code has fewer than 600 defects per million lines of code (MLOC), good code has around 1000 defects per MLOC, and average code has around 6000 defects per MLOC. Most software defects are found long after they are introduced. Supply chain and acquisition risk is increasing. The Acquisition Security Framework (ASF) is a framework for managing security risk across the lifecycle and supply chain. The challenge is integrating security and supplier risk management across the organization.

Document Details

Document Type
Technical Report
Publication Date
Aug 23, 2023
Accession Number
AD1210418

Entities

People

  • Christopher J. Alberts

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Acquisition
  • Aircraft Industry
  • Business Administration
  • Cybersecurity
  • Department Of Defense
  • Engineering
  • Failure Mode And Effect Analysis
  • Materials
  • Mobile Phones
  • Program Management
  • Risk
  • Risk Analysis
  • Risk Management
  • Risk Reduction
  • Security
  • Software Development
  • Supply Chain
  • Test And Evaluation
  • United States
  • Universities
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Aviation Safety Risk Assessment
  • Software Engineering