COTS in the Real World: A Case Study in Risk Discovery and Repair.

Abstract

Like many organizations in both the public and private sectors, the U.S. Department of Defense (DoD) is committed to a policy of using commercial off-the-shelf (COTS) components in new systems, particularly information systems. However, the DoD also has a long-standing set of security needs for its systems, and the pressure to adopt COTS components can come into conflict with those security constraints. The major elements of this conflict are the DoD's overall approach to system security on one hand and the economic forces that drive the component industry on the other. As DoD managers and system integrators look to the COTS marketplace for components to satisfy more security requirements, this conflict becomes more prominent. In this report, we describe an actual product evaluation where just such a conflict occurred, examine why that conflict exists, and outline the corrective steps that were taken.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 1999
Accession Number
ADA366088

Entities

People

  • Daniel Plakosh
  • Scott A. Hissam

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Advanced Electronics
  • Autonomy
  • Human Systems

DTIC Thesaurus Topics

  • Case Studies
  • Computer Networks
  • Computer Programming
  • Computers
  • Department Of Defense
  • Device Drivers
  • Electronic Mail
  • Engineering
  • Governments
  • Guarantees
  • Homosexuality
  • Information Science
  • Intellectual Property
  • Network Protocols
  • Operating Systems
  • Security
  • Software Development

Fields of Study

  • Computer science

Readers

  • Defense Technology Research and Development
  • Military and Counterinsurgency Studies
  • Software Engineering