Evaluating and Mitigating Software Supply Chain Security Risks

Abstract

The Department of Defense (DoD) is concerned that security vulnerabilities could be inserted into software that has been developed outside of the DoD's supervision or control. This report presents an initial analysis of how to evaluate and mitigate the risk that such unauthorized insertions have been made. The analysis is structured in terms of actions that should be taken in each phase of the DoD acquisition life cycle.


Document Details

Document Type
Technical Report
Publication Date
May 01, 2010
Accession Number
ADA522538

Entities

People

  • Carol C. Woody
  • Charles Weinstock
  • John B. Goodenough
  • Robert J. Ellison

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Application Software
  • Business Administration
  • Computer Programming
  • Computers
  • Life Cycles
  • Logistics
  • Management Personnel
  • Operating Systems
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Software Design
  • Software Development
  • Supply Chain
  • Supply Chain Integrity

Readers

  • Cybersecurity
  • Life Cycle Cost Analysis
  • Software Engineering