Software Engineering Institute | Carnegie Mellon University

Showing 1 - 10 of 29 results for the Supply Chain Assurance

CERT Research Report | September 2011 - Supply Chain Assurance Overview By Robert J. Ellison, Christopher J. Alberts, Rita C. Creel, Audrey J. Dorofee, Carol Woody

In this section of the research report, the authors attempt to integrate development and acquisition practices with risk-based evaluations and mitigations.

Collection | January 2017 - Cybersecurity Engineering Research: Supply Chain and ...

This research focuses on methods for analyzing security-related design weaknesses that cannot be corrected easily during operations.

White Paper | May 2013 - A Systemic Approach for Assessing Software Supply-Chain ... By Audrey J. Dorofee, Carol Woody, Christopher J. Alberts, Rita C. Creel, Robert J. Ellison

In this paper, the authors highlight the approach being implemented by SEI researchers and provide a summary of the status of this work.

Article | May 2017 - Assessing DoD System Acquisition Supply Chain Risk ... By John Haller, Charles M. Wallen, Carol Woody - PhD, Christopher J. Alberts

In this Crosstalk article, the authors discuss the growing challenge of cyber risks in the defense supply chain.

Presentation | March 2017 - Risks in the Software Supply Chain By Mark Sherman

This presentation describes the parts of the software supply chain, how vulnerabilities have been introduced, and the actions developers can employ to avoid or mitigate the risks inherent in an assembly-based software development strategy.

CERT Research Report | September 2011 - Software Security Assurance Overview

In this section of the research report, the authors summarize the research that focuses on addressing security in early phases of acquisition and software development.

Technical Note | December 2010 - Software Supply Chain Risk Management: From Products to ... By Robert J. Ellison, Christopher J. Alberts, Rita C. Creel, Audrey J. Dorofee, Carol Woody

In this report, the authors consider current practices in software supply chain analysis and suggest some foundational practices.

Technical Note | July 2012 - Supporting the Use of CERT Secure Coding Standards in ... By Timothy Morrow, Robert C. Seacord, John K. Bergey, Philip Miller

In this report, the authors provide guidance for helping DoD acquisition programs address software security in acquisitions.

Technical Note | January 2014 - A Proven Method for Identifying Security Gaps in International ... By Greg Crabb (United States Postal Service), Julia H. Allen, Pamela D. Curtis, Nader Mehravari

In this report, the authors describe a method of identifying physical security gaps in international mail processing centers and similar facilities.

Technical Note | January 2014 - Improving the Security and Resilience of US Postal Service ... By Greg Crabb (United States Postal Service), Julia H. Allen, Nader Mehravari, Pamela D. Curtis

In this report, the authors describe how to improve the resilience of U.S. Postal Service products and services.