![]() |
|||||
|
![]() Assuring the Safety and Security of COTS Software Products
COTS software products are most often black boxes to the end users, who can only surmise the safety or security of the software by examining the system behavior. This can raise a severe risk in critical military systems. Assuring the safety and security of COTS products is difficult because: The rush to market means end users become testers. COTS products have an unknown pedigree (who developed it, what process was used). The absence of source code precludes some analyses to certify the code, and it may be illegal to do reverse engineering of commercial products to deduce the code. Systems may not use all the features of COTS software but the unused features may have an undesirable effect on the behavior and resource consumption of the product. Suggestions for managing these risks include:
There are other technical issues that make thorough testing of COTS software difficult. For a discussion of these issues and the research that is needed to address them, see Issues in the Assurance of Component-Based Software. If you are interested in a fuller discussion on Information Assurance, read our recently published February 2001 EDGE issue devoted to this topic. For more information, please contact Judy Clapp using the employee directory. |
Solutions That Make a Difference.® |
|
|