Title :
Supply-Chain Risk Management: Incorporating Security into Software Development
Author :
Ellison, Robert J. ; Woody, Carol
Abstract :
As outsourcing and expanded use of commercial off-the-shelf (COTS) products increase, supply-chain risk becomes a growing concern for software acquisitions. Supply-chain risks for hardware procurement include manufacturing and delivery disruptions, and the substitution of counterfeit or substandard components. Software supply-chain risks include third-party tampering with a product during development or delivery, and, more likely, a compromise of the software assurance through the introduction of software defects. This paper describes practices that address such defects and mechanisms for introducing these practices into the acquisition life cycle. The practices improve the likelihood of predictable behavior by systematically analyzing data flows to identify assumptions and using knowledge of attack patterns and vulnerabilities to analyze behavior under conditions that an attacker might create.
Keywords :
DP industry; data flow analysis; risk management; security of data; software engineering; software packages; supply chain management; attack patterns; commercial off-the-shelf products; data flows; software acquisitions; software assurance; software defects; software development; supply-chain risk management; third-party tampering; Counterfeiting; Data analysis; Hardware; Manufacturing; Outsourcing; Pattern analysis; Procurement; Programming; Risk management; Security
Conference_Title :
System Sciences (HICSS), 2010 43rd Hawaii International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4244-5509-6
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2010.355