State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation
Abstract
Unintentional and intentionally inserted vulnerabilities in software can provide adversaries with various avenues to reduce system effectiveness, render systems useless, or even use our systems against us. Unfortunately, it can be difficult to determine what types of tools and techniques exist for evaluating software, and where their use is appropriate. This paper is written to enable DoD program managers (PMs), and their staff, to make effective software assurance and software supply chain risk management (SCRM) decisions, particularly when they are developing and executing their program protection plan (PPP). A secondary purpose is to inform DoD policymakers who are developing software policies. This paper describes a possible overall process for selecting and using appropriate analysis tool/technique types for evaluating software: (1) Select technical objectives based on context; (2) Select tool/technique types to address those technical objectives; (3) Select tools/techniques; (4) Summarize selection as part of a Program Protection Plan (PPP); (5) Apply the tools/techniques and report the results.
Document Details
- Document Type: Technical Report
- Publication Date: Jul 01, 2014
- Accession Number: ADA607954
Entities
People
- David A. Wheeler
- E. K. Fong
- Gregory Larsen
- Rama S. Moorthy
Organizations
- Institute for Defense Analyses