Software Engineering Institute | Carnegie Mellon University

Technical Note

Evaluating and Mitigating Software Supply Chain Security Risks

Abstract

The Department of Defense (DoD) is concerned that security vulnerabilities could be inserted into software that has been developed outside of the DoD's supervision or control. This report presents an initial analysis of how to evaluate and mitigate the risk that such unauthorized insertions have been made. The analysis is structured in terms of actions that should be taken in each phase of the DoD acquisition life cycle.


Cite This Report

SEI

Ellison, Robert; Goodenough, John; Weinstock, Charles; & Woody, Carol. Evaluating and Mitigating Software Supply Chain Security Risks (CMU/SEI-2010-TN-016). Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9337

IEEE

R. Ellison, J. Goodenough, C. Weinstock, and C. Woody, "Evaluating and Mitigating Software Supply Chain Security Risks," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2010-TN-016, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9337

APA

Ellison, R., Goodenough, J., Weinstock, C., & Woody, C. (2010). Evaluating and Mitigating Software Supply Chain Security Risks (CMU/SEI-2010-TN-016). Retrieved December 22, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9337

CHI

Robert Ellison, John Goodenough, Charles Weinstock, & Carol Woody. Evaluating and Mitigating Software Supply Chain Security Risks (CMU/SEI-2010-TN-016). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9337

MLA

Ellison, Robert, John Goodenough, Charles Weinstock, and Carol Woody. Evaluating and Mitigating Software Supply Chain Security Risks. Technical Note CMU/SEI-2010-TN-016. Pittsburgh: Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9337