search menu icon-carat-right cmu-wordmark

Assuring Software Systems Security: Life Cycle Considerations for Government Acquisitions

July 2013 White Paper
Rita C. Creel

In this paper, Rita Creel identifies acquirer activities and resources necessary to support contractor efforts to build secure software-intensive systems.

Publisher:

CERT

Abstract

When systems are built under government contract, the acquirer and contractor share responsibility for the outcome, not only in terms of cost, schedule, and performance, but also with respect to quality attributes such as security. Using an acquisition life cycle framework, this article identifies acquirer activities, products, and resources that are necessary to establish and support contractor efforts to build secure software-intensive systems.