The Software Industry's "Clean Water Act" Alternative

February 2012
Topics: Computer Security, Environmental Health, Information Security Risk Management, Prevent Terrorism
Robert A. Martin, The MITRE Corporation
Steven M. Christey, The MITRE Corporation

With water, we trust that contaminants harmful to its intended use are absent. To avoid a regulatory "solution" to the problem of software "contaminants" that endanger software's intended use, the industry needs to put in place processes and technical methods for examining software for the contaminants that are most dangerous given the intended use of a specific piece of software.

The Common Weakness Enumeration (CWE™) [1] offers the industry a list of potentially dangerous contaminants in software. The Common Weakness Scoring System (CWSS™) [2] and the Common Weakness Risk Analysis Framework (CWRAF™) [3] provide a standard method for identifying which of these dangerous contaminants would be most harmful to a particular organization, given the intended use of a specific piece of software within that organization.

By finding systematic and verifiable ways to identify and remove these contaminants, and to gain assurance that contaminated software has been addressed, software providers can improve customers' confidence in their systems and possibly avoid regulatory solutions.
