A Systemic Approach for Assessing Software Supply-Chain Risk
2011
In today's business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vulnerabilities, and malicious code will be inserted into a delivered software product. As a result, effective risk management is essential for establishing and maintaining software supply-chain assurance over time. The Software Engineering Institute (SEI) is developing a systemic approach for assessing and managing software supply-chain risks. This paper highlights the basic approach being implemented by SEI researchers and provides a summary of the status of this work.
Keywords:
- Software construction
- Software peer review
- Social software engineering
- Software engineering
- Management science
- Software deployment
- Systems engineering
- Package development process
- Software Engineering Process Group
- Software quality analyst
- Software development
- Computer science
- Software requirements
- Knowledge management
- Risk analysis (engineering)
- Personal software process
- Software quality control
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
10
References
13
Citations
NaN
KQI