Date of Original Version

5-2010

Type

Technical Report

Abstract or Table of Contents

The Department of Defense (DoD) is concerned that security vulnerabilities could be inserted into software that has been developed outside of the DoD's supervision or control. This report presents an initial analysis of how to evaluate and mitigate the risk that such unauthorized insertions have been made. The analysis is structured in terms of actions that should be taken in each phase of the DoD acquisition life cycle.

Comments

CMU/SEI-2010-TN-016
