Carol Woody

Supply-Chain Risk Management: Incorporating Security into Software Development

As outsourcing and expanded use of commercial off-the-shelf (COTS) products increase, supply-chain risk becomes a growing concern for software acquisitions. Supply-chain risks for hardware procurement include manufacturing and delivery disruptions, and the substitution of counterfeit or substandard components. Software supply-chain risks include third-party tampering with a product during development or delivery, and, more likely, a compromise of the software assurance through the introduction of software defects. This paper describes practices that address such defects and mechanisms for introducing these practices into the acquisition life cycle. The practices improve the likelihood of predictable behavior by systematically analyzing data flows to identify assumptions and using knowledge of attack patterns and vulnerabilities to analyze behavior under conditions that an attacker might create.

Repertoires of collaboration for common operating pictures of disasters and extreme events

Disasters are dynamic, emergent scenarios involving diverse stakeholders in complex decision making and as such, disaster response systems must account for these conditions. We suggest that emergency service agencies should consider supplementing their traditional command and control approaches and common operating pictures (COP), with purposeful collaborative approaches. These would facilitate the generation of common operating pictures incorporating dynamic and emergent characteristics, providing a range of options with which to better respond to disasters. Collaborative management and negotiated integration of information represent a paradigmatic shift in our thinking about disaster response. We have utilized McCann’s (1983) Social Problem Solving Negotiated Arrangements (SPS-NA) to highlight problems with conventional approaches during three disaster scenarios. As a result of lessons learned from this analysis we suggest that developing supplementary repertoires of collaboration would have a positive impact on improved COP for effective disaster response outcomes.

Foundations for Software Assurance

Our societys growing dependence on software makes the need for effective software assurance imperative. Motivation to address software assurance requires, at a minimum, an understanding of what to do, how to go about it, and why it is needed. Two key foundation elements are principles for software assurance and a curriculum to educate those who must address this need. This paper highlights efforts underway to address both of these elements.

A Systemic Approach for Assessing Software Supply-Chain Risk

In todays business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vulnerabilities, and malicious code will be inserted into a delivered software product. As a result, effective risk management is essential for establishing and maintaining software supply-chain assurance over time. The Software Engineering Institute (SEI) is developing a systemic approach for assessing and managing software supply-chain risks. This paper highlights the basic approach being implemented by SEI researchers and provides a summary of the status of this work.

Repertoires of Collaboration for Disaster Management: Negotiating Emergent and Dynamic Systems Success

Disasters are emergent and dynamic scenarios involving diverse stakeholders in complex decision making and as such, disaster management systems must account for these conditions. In order to more effectively design, build and adopt these systems we suggest that emergency service agencies should consider supplementing their traditional “command and control” approaches and common operating pictures (CoP), with purposeful “collaborative” approaches. These would facilitate the generation of a dynamic operating picture (DoP), providing a range of systems options with which to better manage disasters. Collaborative management and negotiated integration of technology and information use as well as process development, represent a paradigmatic shift in our thinking about disaster management. We have utilized McCann’s (1983) Negotiated Arrangements Theory (NAT) to highlight issues and problems with traditional command and control approaches and CoP, during three disaster scenarios. As a result of lessons learned from this analysis we suggest that developing a supplementary “repertoires of collaboration” approach to the negotiation of DoP for disaster management, would have a positive impact on disaster management outcomes.

System of systems analysis of catastrophic events: A preliminary investigation of unprecedented scenarios

When catastrophes occur, what key dynamics take place? How do these dynamics affect our technical infrastructure, and how can we understand these patterns of failure in order to better build and operate future technologies and systems of systems? What happens when catastrophes are unprecedented and the known range of emergency response activities is ineffective? This research analyzes multiple catastrophes, viewed through designated lenses, with consideration of how systems of systems fail, as well as the implications for future systems of systems. In this phase we studied two cases, Hurricane Katrina and 9/11, representing threats from natural forces and terrorism. The lens used is the Generic Error Modeling System (GEMS). The GEMS framework helps us to understand types of errors that occur in operational situations and distinguishes among skill-, rule-, and knowledge-based modes. We report on key findings in three areas: (1) the problematic role that technology plays given its fragility and dominance, (2) a coordination and centralization effect, and (3) the failure to consider failure.

Predicting cybersecurity using quality data

Within the process of system development and implementation, programs assemble hundreds of different metrics for tracking and monitoring software such as budgets, costs and schedules, contracts, and compliance reports. Each contributes, directly or indirectly, toward the cybersecurity assurance of the results. The Software Engineering Institute has detailed size, defect, and process data on over 100 software development projects. The projects include a wide range of application domains. Data from five projects identified as successful safety-critical or security-critical implementations were selected for cybersecurity consideration. Material was analyzed to identify a possible correlation between modeling quality and security and to identify potential predictive cybersecurity modeling characteristics. While not a statistically significant sample, this data indicates the potential for establishing benchmarks for ranges of quality performance (for example, defect injection rates and removal rates and test yields) that provide a predictive capability for cybersecurity results.

The Landscape of Software Assurance—Participating Organizations and Technologies

The goal of our software assurance (SwA) landscape project is to create a usable framework that describes assurance participants, assurance technologies, and their contributions to accelerate the formation and adoption of solutions to the SwA challenges within the DoD and other government organizations. The SwA landscape is constantly changing as a growing group of organizations attempt to address its challenges as well as the technologies available to address it. To aid in identifying avenues for addressing assurance and to accelerate the adoption of solutions, the Carnegie Mellon ® Software Engineering Institute (SEI) is developing a way to characterize the current portfolio of assurance participants, available solutions, and their interrelationships along with the contributions each makes to assurance. We expect this to be an on-going effort as new technologies are made available and our knowledge about participants and current technology expands. Accordingly, we are developing a structure that can be refreshed periodically as the SwA landscape changes. For this paper we describe our approach for developing the current version of the framework, the elements of the characterization structure, and the reasoning behind the structure choices.

Measuring Software Assurance

Assurance is not a specific thing that can be easily measured and monitored. It is an emerging composition of a variety of independently collected data elements that come from loosely linked software life cycle activities. As a system emerges from concept to high-level design to architecture to detailed design to code to components to implementation there is a huge amount of information that is assembled in artifacts, text, and evaluation outputs. This paper proposes a framework for making sense of these pieces to monitor and manage assurance. An example is provided to show how the framework can be applied to evaluating tainted and counterfeit products.

Advances in Software Engineering and Software Assurance

Abstract In this chapter, the authors describe the evolution of software engineering (SE) and software assurance (SwA) from the days of punch cards until today. The authors create the backdrop for this development by describing the environment over the last 50 years. Technological advances during that period include the creation of programming languages, personal computers, the intranet, organized incident management, structured programming, and complex software applications. Impacts of these advances, including the massive growth of the Internet and software-intensive products, transformed everyday lives. While these changes were happening, cyberattacks were also growing. Dating back to the late 1960s when phone systems were attacked, society has been affected by the “dark side” of computer technology. Computer viruses and malware are a common aspect of todays landscape. To protect us and our data, laws that govern the protection of computer data were created and developed. Likewise, organizations and approaches for finding and addressing cyberattacks were established and grown. Education has supported this radically changing environment through the development of educational programs in industry and academia, including bachelors and masters degree programs. SE education responded to the advancing technology, resulting in a new profession. SwA education responded to the failures of industry to develop quality software, including security challenges that arose as technology was used and exploited.