• DocumentCode
    2598258
  • Title

    A Systemic Approach for Assessing Software Supply-Chain Risk

  • Author

    Alberts, Christopher J. ; Dorofee, Audrey J. ; Creel, Rita ; Ellison, Robert J. ; Woody, Carol

  • fYear
    2011
  • fDate
    4-7 Jan. 2011
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    In today's business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vulnerabilities, and malicious code will be inserted into a delivered software product. As a result, effective risk management is essential for establishing and maintaining software supply-chain assurance over time. The Software Engineering Institute (SEI) is developing a systemic approach for assessing and managing software supply-chain risks. This paper highlights the basic approach being implemented by SEI researchers and provides a summary of the status of this work.
  • Keywords
    DP industry; business data processing; risk management; security of data; software maintenance; supply chain management; business environment; malicious code; product complexity; risk management; software engineering institute; software product maintenance; software supply chain risk; Driver circuits; Risk management; Sociotechnical systems; Software; Software engineering; Supply chains;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Sciences (HICSS), 2011 44th Hawaii International Conference on
  • Conference_Location
    Kauai, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-1-4244-9618-1
  • Type

    conf

  • DOI
    10.1109/HICSS.2011.36
  • Filename
    5718996