Accession Number:

ADA522538

Title:

Evaluating and Mitigating Software Supply Chain Security Risks

Descriptive Note:

Final rept.

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Report Date:

2010-05-01

Pagination or Media Count:

50.0

Abstract:

The Department of Defense (DoD) is concerned that security vulnerabilities could be inserted into software that has been developed outside of the DoD's supervision or control. This report presents an initial analysis of how to evaluate and mitigate the risk that such unauthorized insertions have been made. The analysis is structured in terms of actions that should be taken in each phase of the DoD acquisition life cycle.

Subject Categories:

  • Administration and Management
  • Computer Programming and Software
  • Computer Systems
  • Computer Systems Management and Standards
  • Logistics, Military Facilities and Supplies

Distribution Statement:

APPROVED FOR PUBLIC RELEASE