DocumentCode :
1887984
Title :
Supply chain risk management - Understanding vulnerabilities in code you buy, build, or integrate
Author :
Croll, Paul R.
Author_Institution :
CSC, King George, VA, USA
fYear :
2011
fDate :
4-7 April 2011
Firstpage :
194
Lastpage :
200
Abstract :
This paper describes the scope of the problem regarding software vulnerabilities and the current state of the practice in static code analysis for software assurance. Recommendations are made regarding the use of static analysis methods and tools during the software life cycle. Static code analysis touch points during life cycle reviews and challenges to automated static code analysis are also discussed.
Keywords :
risk management; software management; supply chain management; automated static code analysis; software assurance; software life; software vulnerabilities; supply chain risk management; Documentation; Inspection; Manuals; Schedules; Security; Software; Supply chains; code analysis; code analysis tools; life cycle; security; security risk management; software assurance; software engineering; static code analysis; system assurance; systems engineering; vulnerabilities; weaknesses;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Systems Conference (SysCon), 2011 IEEE International
Conference_Location :
Montreal, QC
Print_ISBN :
978-1-4244-9494-1
Type :
conf
DOI :
10.1109/SYSCON.2011.5929123
Filename :
5929123