The Software Industry's "Clean Water Act" Alternative
February 2012
Topics: Computer Security, Environmental Health, Information Security Risk Management, Prevent Terrorism
With water, we trust that contaminants harmful to its intended use are absent. To avoid a regulatory "solution" to software's own "contaminants", the weaknesses that endanger its intended use, the industry needs to put in place processes and technical methods for examining software for the contaminants that are most dangerous given the intended use of a specific piece of software.
The Common Weakness Enumeration (CWE™) offers the industry a list of potentially dangerous contaminants to software. The Common Weakness Scoring System (CWSS™) and the Common Weakness Risk Analysis Framework (CWRAF™) provide a standard method for identifying which of these contaminants would be most harmful to a particular organization, given the intended use of a specific piece of software within that organization.
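The idea that the same weakness ranks differently depending on intended use is easier to see with a small, runnable illustration. The following is an added example, not code from MITRE or from the CWSS/CWRAF specifications: it borrows CWRAF's vocabulary of technical impacts and its notion of a "vignette" (a weighting of those impacts for one intended use), but the scoring rule (take the highest-weighted impact a weakness can produce) is a deliberate simplification, not the published CWSS formulas. The CWE IDs are real; the impact lists, the two vignettes and their weights are constructed for the example.

```python
"""Vignette-driven prioritisation of CWE findings (illustrative simplification).

Added example. Not the official CWSS/CWRAF scoring: the rule below keeps only the
worst-case consequence of each weakness. Findings' impact lists and the vignette
weights are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Technical-impact labels, following CWRAF's technical impact vocabulary.
READ = "Read data"
MODIFY = "Modify data"
EXEC = "Execute unauthorized code or commands"
BYPASS = "Bypass protection mechanism"
DOS_RES = "DoS: resource consumption"
DOS_EXEC = "DoS: unreliable execution"
GAIN = "Gain privileges / assume identity"
HIDE = "Hide activities"
ALL_IMPACTS = {READ, MODIFY, EXEC, BYPASS, DOS_RES, DOS_EXEC, GAIN, HIDE}


@dataclass(frozen=True)
class Finding:
    cwe: int                    # CWE identifier (real IDs below)
    name: str
    impacts: Tuple[str, ...]    # technical impacts the weakness can lead to (constructed)


# Constructed findings: real CWE IDs with simplified impact lists.
FINDINGS: List[Finding] = [
    Finding(79, "Cross-site Scripting", (EXEC, BYPASS)),
    Finding(89, "SQL Injection", (READ, MODIFY)),
    Finding(120, "Classic Buffer Overflow", (EXEC, DOS_EXEC)),
    Finding(312, "Cleartext Storage of Sensitive Information", (READ,)),
    Finding(400, "Uncontrolled Resource Consumption", (DOS_RES,)),
]

# Constructed vignettes: how important (0-10) each technical impact is for one intended use.
VIGNETTES: Dict[str, Dict[str, int]] = {
    "internet-banking-web-app": {
        READ: 10, MODIFY: 10, EXEC: 9, GAIN: 9, BYPASS: 8, HIDE: 6, DOS_RES: 4, DOS_EXEC: 3,
    },
    "industrial-controller": {
        DOS_EXEC: 10, DOS_RES: 9, EXEC: 9, MODIFY: 8, GAIN: 7, BYPASS: 6, HIDE: 5, READ: 3,
    },
}


def validate_vignette(weights: Dict[str, int]) -> None:
    """Refuse a vignette that leaves an impact unweighted or uses an out-of-range weight.

    A missing impact would silently make every weakness with that impact unscorable,
    so it is treated as a hard error rather than defaulting to zero.
    """
    missing = ALL_IMPACTS - set(weights)
    if missing:
        raise ValueError(f"vignette does not weight: {sorted(missing)}")
    bad = {k: v for k, v in weights.items() if not 0 <= v <= 10}
    if bad:
        raise ValueError(f"weights must be in 0..10: {bad}")


def score(finding: Finding, weights: Dict[str, int]) -> int:
    """Worst-case consequence: the highest-weighted impact the weakness can produce."""
    return max(weights[impact] for impact in finding.impacts)


def prioritize(findings: List[Finding], vignette_name: str) -> List[Tuple[int, int]]:
    """Rank findings for one intended use; returns (cwe, score) pairs, highest first.

    Ties are broken by CWE number so the output is deterministic.
    """
    weights = VIGNETTES[vignette_name]
    validate_vignette(weights)
    ranked = sorted(findings, key=lambda f: (-score(f, weights), f.cwe))
    return [(f.cwe, score(f, weights)) for f in ranked]


if __name__ == "__main__":
    for vignette in VIGNETTES:
        print(vignette)
        for cwe, s in prioritize(FINDINGS, vignette):
            print(f"  CWE-{cwe:<4} score {s:2d}")
```

Running it shows the point of the paragraph above: CWE-312 (cleartext storage) tops the list for the banking application but falls to the bottom for the controller, while CWE-400 (resource exhaustion) moves the other way. The same CWE list, examined against a different intended use, yields a different set of "most dangerous contaminants".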
By adopting systematic, verifiable ways to identify and remove the most dangerous contaminants, and to demonstrate that they have been addressed, software providers can improve customers' confidence in their systems and possibly avoid regulatory solutions.