Data-Driven Software Assurance: A Research Study

Abstract

Software vulnerabilities are defects or weaknesses in a software system that if exploited can lead to compromise of the control of a system or the information it contains. The problem of vulnerabilities in fielded software is pervasive and serious. In 2012, Software Engineering Institute (SEI) researchers began investigating vulnerabilities reported to the SEI's CERT® Division and determined that a large number of significant and pernicious software vulnerabilities likely had their origins early in the software development life cycle, in the requirements and design phases. A research project was launched to investigate design-related vulnerabilities and quantify their effects. The Data-Driven Software Assurance project examined the origins of design vulnerabilities, their mitigations, and the resulting economic implications. Stage 1 of the project included three phases: 1) conduct of a mapping study and literature review, 2) conduct of detailed vulnerability analyses, and 3) development of an initial economic model. The results of Stage 1 indicate that a broader initial focus on secure design yields substantial benefits to both the developer and operational communities and point to ways to intervene in the software development life cycle (or operations) to mitigate vulnerabilities and their impacts. This report describes Stage 1 activities and outlines plans for follow-on work in Stage 2.

Cite This Report

SEI

Konrad, Michael; Manion, Art; Moore, Andrew; Mullaney, Julia; Nichols, William; Orlando, Michael; & Harper, Erin. Data-Driven Software Assurance: A Research Study (CMU/SEI-2014-TR-010). Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=90086

IEEE

M. Konrad, A. Manion, A. Moore, J. Mullaney, W. Nichols, M. Orlando, and E. Harper, "Data-Driven Software Assurance: A Research Study," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2014-TR-010, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=90086

APA

Konrad, M., Manion, A., Moore, A., Mullaney, J., Nichols, W., Orlando, M., & Harper, E. (2014). Data-Driven Software Assurance: A Research Study (CMU/SEI-2014-TR-010). Retrieved October 24, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=90086

CHI

Michael Konrad, Art Manion, Andrew Moore, Julia Mullaney, William Nichols, Michael Orlando, & Erin Harper. Data-Driven Software Assurance: A Research Study (CMU/SEI-2014-TR-010). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=90086

MLA

Konrad, Michael, Art Manion, Andrew Moore, Julia Mullaney, William Nichols, Michael Orlando, and Erin Harper. Data-Driven Software Assurance: A Research Study (Technical Report CMU/SEI-2014-TR-010). Pittsburgh: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=90086