Supporting the Use of CERT (registered trademark) Secure Coding Standards in DoD Acquisitions

Supporting the Use of CERT (registered trademark) Secure Coding Standards in DoD Acquisitions

The United States Department of Defense (DoD) increasingly depends on networked software systems. One result of this dependency is an increase in attacks on both military and non-military systems as attackers look to exploit software vulnerabilities. Program acquisition offices are emphasizing infor...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Morrow, Tim, Seacord, Robert, Bergey, John, Miller, Philip
Format: Report
Sprache:eng
Schlagworte:
ACQUISITION
CODING
COMPUTER PROGRAMS
COMPUTER SECURITY
Computer Systems Management and Standards
INFORMATION ASSURANCE
THREATS
VULNERABILITY
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The United States Department of Defense (DoD) increasingly depends on networked software systems. One result of this dependency is an increase in attacks on both military and non-military systems as attackers look to exploit software vulnerabilities. Program acquisition offices are emphasizing information assurance to address various threats. The Defense Information Systems Agency (DISA) created the Application Security and Development Security Technical Implementation Guide (STIG) in response to DoD Directive 8500.IE, which establishes policies and assigns responsibilities for achieving DoD information assurance. That STIG provides guidance for information assurance and security throughout a program s lifecycle, and it is specified as a requirement for DoD-developed, -architected, and -administered applications and systems that are connected to DoD networks.