The Impact of Contextual Factors on the Security of Code

Abstract

Non-technical decisions made in policy, acquisition, governance, resources, processes, and every other aspect of managing software have a direct impact on the resulting operational security. However, these relationships are hidden because the structures we use to govern and organize software do not highlight the security decisions made throughout the life cycle and connect them to the ultimate results. As a result of this obscurity, seemingly appropriate choices result in unacceptable operational security risks because none of the participants recognize the cause and effect linkages.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Dec 30, 2014
Accession Number
ADA617283

Entities

People

  • Carol C. Woody
  • Dan Shoemaker

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Acquisition
  • Business Administration
  • Commerce
  • Computer Programming
  • Configuration Management
  • Contracts
  • Control Systems
  • Engineering
  • Materials
  • Process Engineering
  • Production
  • Risk
  • Security
  • Software Development
  • Supply Chain
  • Systems Engineering
  • United States

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Theoretical Analysis.