Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Technical Note

Software Supply Chain Risk Management: From Products to Systems of Systems

  • Abstract

    Supply chains are usually thought of as manufacturing and delivering physical items, but there are also supply chains associated with the development and operation of a software system. Software supply chain research does not have decades of evidence to draw on, as with physical-item supply chains. Taking a systems perspective on software supply chain risks, this report considers current practices in software supply chain analysis and suggests some foundational practices. The product and supplier selection criteria for system development depend on how a product is used in a system. While many of the criteria for the selection of product suppliers and system development contractors are the same, there is also a significant difference between these kinds of acquisitions. Product development is completed in advance of an acquirer’s product and supplier assessment. There is no guarantee that current supplier development practices were used for a specific product. For custom system acquisitions, acquirers can and should actively monitor both contractor and product supply chain risks during development. This report suggests contractor and acquirer activities that support the management of supply chain risks.

  • Download

Cite This Report

SEI

Ellison, Robert; Alberts, Christopher; Creel, Rita; Dorofee, Audrey; & Woody, Carol. Software Supply Chain Risk Management: From Products to Systems of Systems. CMU/SEI-2010-TN-026. Software Engineering Institute, Carnegie Mellon University. 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9377

IEEE

Ellison. Robert, Alberts. Christopher, Creel. Rita, Dorofee. Audrey, and Woody. Carol, "Software Supply Chain Risk Management: From Products to Systems of Systems," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2010-TN-026, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9377

APA

Ellison, Robert., Alberts, Christopher., Creel, Rita., Dorofee, Audrey., & Woody, Carol. (2010). Software Supply Chain Risk Management: From Products to Systems of Systems (CMU/SEI-2010-TN-026). Retrieved September 30, 2016, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9377

CHI

Robert Ellison, Christopher Alberts, Rita Creel, Audrey Dorofee, & Carol Woody. Software Supply Chain Risk Management: From Products to Systems of Systems (CMU/SEI-2010-TN-026). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9377

MLA

Ellison, Robert., Alberts, Christopher., Creel, Rita., Dorofee, Audrey., & Woody, Carol. 2010. Software Supply Chain Risk Management: From Products to Systems of Systems (Technical Report CMU/SEI-2010-TN-026). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9377

BibTex

@techreport{EllisonSoftwareSupply2010,
title={Software Supply Chain Risk Management: From Products to Systems of Systems},
author={Robert Ellison and Christopher Alberts and Rita Creel and Audrey Dorofee and Carol Woody},
year={2010},
number={CMU/SEI-2010-TN-026},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9377} }