Abstract :
Those who acquire, build, and manage large-scale systems and systems of systems, recognize the complex supply chain they represent, consisting of proprietary and open-source software, legacy systems, hardware, and firmware; from multiple suppliers who employ people from around the world. As a result, the threat to today´s systems is present across the full system lifecycle. System assurance can be viewed as the level of confidence that the system functions as intended and is free of exploitable vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system. Engineering practices that support such confidence at all phases of the life cycle are key to the systems assurance paradigm and to national security. This paper addresses joint industry and government efforts to understand the strengths and weaknesses of current engineering practices with respect to system assurance, and recommendations for improvement. It covers the definition of the problem, results from several joint Industry/Government Forums addressing issues in systems assurance, collaboration efforts with industry consortia and standards bodies, and the current guidance for system acquirers and system developers.
Keywords :
firmware; large-scale systems; national security; public domain software; software reliability; firmware system; government; hardware system; industry consortia; large-scale systems; legacy systems; national security; open-source software; supply chain; system developers; systems assurance; systems of systems; Government; Hardware; Large-scale systems; Microprogramming; National security; Open source software; Software systems; Supply chain management; Supply chains; Systems engineering and theory;
