State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation
INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA
Unintentional and intentionally inserted vulnerabilities in software can provide adversaries with various avenues to reduce system effectiveness, render systems useless, or even use our systems against us. Unfortunately, it can be difficult to determine what types of tools and techniques exist for evaluating software, and where their use is appropriate. This paper is written to enable DoD program managers (PMs), and their staff, to make effective software assurance and software supply chain risk management (SCRM) decisions, particularly when they are developing and executing their program protection plan (PPP). A secondary purpose is to inform DoD policymakers who are developing software policies. This paper describes a possible overall process for selecting and using appropriate analysis tool/technique types for evaluating software: (1) Select technical objectives based on context; (2) Select tool/technique types to address those technical objectives; (3) Select tools/techniques; (4) Summarize selection as part of a Program Protection Plan (PPP); (5) Apply the tools/techniques and report the results.
- Computer Programming and Software
- Computer Systems Management and Standards
- Logistics, Military Facilities and Supplies