Supply-Chain Risk Management: Incorporating Security into Software Development

Robert J. Ellison, Carol Woody
<span title="">2010</span> <i title="IEEE"> <a target="_blank" rel="noopener" href="" style="color: black;">2010 43rd Hawaii International Conference on System Sciences</a> </i> &nbsp;
As outsourcing and expanded use of commercial off-the-shelf (COTS) products increase, supplychain risk becomes a growing concern for software acquisitions. Supply-chain risks for hardware procurement include manufacturing and delivery disruptions, 1 and the substitution of counterfeit or substandard components. Software supply-chain risks include third-party tampering with a product during development or delivery, and, more likely, a compromise of the software assurance through the introduction
more &raquo; ... of software defects. This paper describes practices that address such defects and mechanisms for introducing these practices into the acquisition life cycle. The practices improve the likelihood of predictable behavior by systematically analyzing data flows to identify assumptions and using knowledge of attack patterns and vulnerabilities to analyze behavior under conditions that an attacker might create.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="">doi:10.1109/hicss.2010.355</a> <a target="_blank" rel="external noopener" href="">dblp:conf/hicss/EllisonW10</a> <a target="_blank" rel="external noopener" href="">fatcat:2log5y7v3reqzpcd4zywjzboby</a> </span>
<a target="_blank" rel="noopener" href="" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href=""> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> </button> </a>