There is no single, recognized framework to organize research and practice areas focused on building assured systems (BAS). Sponsors of the CERT Program's research could use such a framework to help address the following challenges, including customer "pain points" and general research problems:
- How do I decide which security methods fit into a specific life-cycle activity?
- How do I know if a specific security method is sufficiently mature for me to use on my projects?
- When should I take a chance on a security research approach that has not been widely used?
- What actions can I take when I have no approach or method for prioritizing and selecting new research, or when promising research appears to be unrelated to other research in the field?
Such a framework could also help organize CERT research