Vulnerability and Remediation for a High Assurance Web-Based Enterprise

Active / Technical Report | Accession Number: AD1123774

Abstract:

A process for fielding vulnerability-free software in the enterprise is discussed. This process involves testing for known vulnerabilities, generic penetration testing and threat-specific testing, coupled with a strong flaw remediation process. The testing may be done by the software developer or certified testing laboratories. The goal is to mitigate all known vulnerabilities and exploits, and to be responsive in mitigating new vulnerabilities and/or exploits as they are discovered. The analyses are reviewed when new or additional threats are reviewed and prioritized with mitigation (through the flaw remediation process, changes to the operational environment or the addition of additional controls or products). This process is derived from the Common Criteria for Information Technology Security Evaluation, Common Evaluation Methodology, which covers both discovery and remediation. The process has been modified for the USAF enterprise.

RECORD

Collection: TRECMS