The Software Industry's "Clean Water Act" Alternative
February 2012
Robert A. Martin, The MITRE Corporation
Steven M. Christey, The MITRE Corporation
ABSTRACT
With water, we trust that qualities harmful to its intended use are not present. In order to
avoid a regulatory "solution" to problems with "contaminants" that endanger software's intended
use, the industry needs to put in place processes and technical methods for examining software
for the contaminants that are most dangerous given the intended use of specific software.
The Common Weakness Enumeration (CWE™) [1] offers the industry a list of potentially
dangerous contaminants to software. The Common Weakness Scoring System (CWSS™) [2] and the
Common Weakness Risk Analysis Framework (CWRAF™) [3] provide a standard method for
identifying which of these dangerous contaminants would be most harmful to a particular
organization, given the intended use of a specific piece of software within that organization.
By finding systematic and verifiable ways of identifying and removing contaminated software, and of
gaining assurance that it has been addressed, software providers can improve customers'
confidence in systems and possibly avoid regulatory solutions.

Copyright
Copyright © 2012 IEEE. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the products or services of The MITRE Corporation. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.