Software Engineering Institute

Today's large-scale, highly distributed, networked systems improve the efficiency and effectiveness of organizations by permitting whole new levels of organizational integration. However, such integration is accompanied by elevated risks of intrusion and compromise. Incorporating survivability capabilities into an organization's systems can mitigate these risks. Current software development life-cycle models are not focused on creating survivable systems, and exhibit shortcomings when the goal is to develop systems with a high degree of assurance of survivability. If addressed at all, survivability issues are often relegated to a separate thread of project activity, with the result that survivability is treated as an add-on property. For each life-cycle activity, survivability goals should be addressed, and methods to ensure survivability incorporated.  

This report explains survivability concepts, describes a software development life-cycle model for survivability, and illustrates techniques that can be applied during new development activities to support survivability goals. It also describes a software life-cycle model and associated activities to support survivability goals for systems based on commercial off-the-shelf products.