Software Engineering Institute

Integration and incorporation of COTS components into legacy and emerging systems has never been more attractive in the information industry. The COTS marketplace has become very competitive with the increased number of vendors and the increasing number of products offered. This, combined with ever increasing pressures to deliver systems sooner and cheaper, has only hastened the call to use COTS. However, it is also important to recognize that most markets are driven by that which can be sold to the largest audience, and that audience may not always share the same perspective or notional model as that of any one buyer (in this case the system integrator). Security is one such area of interest that managers and system integrators must address. Each may find themselves in dire straits trying to reconcile what the market has to offer and what the needs are of the information system. This monograph offers a "heads-up" to decision makers who are building information systems that have security constraints, who feel the market imperatives, and who want to make opportunistic use of what the market has to offer.