A Systemic Approach for Assessing Software Supply-Chain Risk

A Systemic Approach for Assessing Software Supply-Chain Risk

In today's business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vu...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Alberts, C J, Dorofee, A J, Creel, R, Ellison, R J, Woody, C
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Driver circuits
Risk management
Sociotechnical systems
Software
Software engineering
Supply chains
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 8
container_issue
container_start_page 1
container_title
container_volume
creator Alberts, C J
Dorofee, A J
Creel, R
Ellison, R J
Woody, C
description In today's business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vulnerabilities, and malicious code will be inserted into a delivered software product. As a result, effective risk management is essential for establishing and maintaining software supply-chain assurance over time. The Software Engineering Institute (SEI) is developing a systemic approach for assessing and managing software supply-chain risks. This paper highlights the basic approach being implemented by SEI researchers and provides a summary of the status of this work.
doi_str_mv 10.1109/HICSS.2011.36
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_5718996</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>5718996</ieee_id><sourcerecordid>5718996</sourcerecordid><originalsourceid>FETCH-LOGICAL-i90t-b3f8a42a1b60b7c084aa6356903cd5997601307aaac16c43f483b3f0d89397373</originalsourceid><addsrcrecordid>eNotjMtKw0AUQAcfYKxdunIzPzDx3nkPuAlBbaEgmO7LZDqxo20TMhHp31vQszmrcwi5RygRwT0ulnXTlBwQS6EvSMGV4UxbzS_JLUoupdNozRUpUAlgqEHdkHnOn3BGcWO5LshTRZtTnuIhBVoNw9j7sKNdP9Iq55hzOn7Qpu-mHz9G2nwPw_7E6p1PR_qe8tcdue78Psf5v2dk_fK8rhds9fa6rKsVSw4m1orOesk9thpaE8BK77VQ2oEIW-Wc0YACjPc-oA5SdNKKcwNb64QzwogZefjbphjjZhjTwY-njTJondPiF_mHR6s</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>A Systemic Approach for Assessing Software Supply-Chain Risk</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Alberts, C J ; Dorofee, A J ; Creel, R ; Ellison, R J ; Woody, C</creator><creatorcontrib>Alberts, C J ; Dorofee, A J ; Creel, R ; Ellison, R J ; Woody, C</creatorcontrib><description>In today's business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vulnerabilities, and malicious code will be inserted into a delivered software product. As a result, effective risk management is essential for establishing and maintaining software supply-chain assurance over time. The Software Engineering Institute (SEI) is developing a systemic approach for assessing and managing software supply-chain risks. This paper highlights the basic approach being implemented by SEI researchers and provides a summary of the status of this work.</description><identifier>ISSN: 1530-1605</identifier><identifier>ISBN: 1424496187</identifier><identifier>ISBN: 9781424496181</identifier><identifier>EISSN: 2572-6862</identifier><identifier>DOI: 10.1109/HICSS.2011.36</identifier><language>eng</language><publisher>IEEE</publisher><subject>Driver circuits ; Risk management ; Sociotechnical systems ; Software ; Software engineering ; Supply chains</subject><ispartof>2011 44th Hawaii International Conference on System Sciences, 2011, p.1-8</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/5718996$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,776,780,785,786,2052,27902,54895</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/5718996$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Alberts, C J</creatorcontrib><creatorcontrib>Dorofee, A J</creatorcontrib><creatorcontrib>Creel, R</creatorcontrib><creatorcontrib>Ellison, R J</creatorcontrib><creatorcontrib>Woody, C</creatorcontrib><title>A Systemic Approach for Assessing Software Supply-Chain Risk</title><title>2011 44th Hawaii International Conference on System Sciences</title><addtitle>hicss</addtitle><description>In today's business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vulnerabilities, and malicious code will be inserted into a delivered software product. As a result, effective risk management is essential for establishing and maintaining software supply-chain assurance over time. The Software Engineering Institute (SEI) is developing a systemic approach for assessing and managing software supply-chain risks. This paper highlights the basic approach being implemented by SEI researchers and provides a summary of the status of this work.</description><subject>Driver circuits</subject><subject>Risk management</subject><subject>Sociotechnical systems</subject><subject>Software</subject><subject>Software engineering</subject><subject>Supply chains</subject><issn>1530-1605</issn><issn>2572-6862</issn><isbn>1424496187</isbn><isbn>9781424496181</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2011</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotjMtKw0AUQAcfYKxdunIzPzDx3nkPuAlBbaEgmO7LZDqxo20TMhHp31vQszmrcwi5RygRwT0ulnXTlBwQS6EvSMGV4UxbzS_JLUoupdNozRUpUAlgqEHdkHnOn3BGcWO5LshTRZtTnuIhBVoNw9j7sKNdP9Iq55hzOn7Qpu-mHz9G2nwPw_7E6p1PR_qe8tcdue78Psf5v2dk_fK8rhds9fa6rKsVSw4m1orOesk9thpaE8BK77VQ2oEIW-Wc0YACjPc-oA5SdNKKcwNb64QzwogZefjbphjjZhjTwY-njTJondPiF_mHR6s</recordid><startdate>201101</startdate><enddate>201101</enddate><creator>Alberts, C J</creator><creator>Dorofee, A J</creator><creator>Creel, R</creator><creator>Ellison, R J</creator><creator>Woody, C</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>201101</creationdate><title>A Systemic Approach for Assessing Software Supply-Chain Risk</title><author>Alberts, C J ; Dorofee, A J ; Creel, R ; Ellison, R J ; Woody, C</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i90t-b3f8a42a1b60b7c084aa6356903cd5997601307aaac16c43f483b3f0d89397373</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2011</creationdate><topic>Driver circuits</topic><topic>Risk management</topic><topic>Sociotechnical systems</topic><topic>Software</topic><topic>Software engineering</topic><topic>Supply chains</topic><toplevel>online_resources</toplevel><creatorcontrib>Alberts, C J</creatorcontrib><creatorcontrib>Dorofee, A J</creatorcontrib><creatorcontrib>Creel, R</creatorcontrib><creatorcontrib>Ellison, R J</creatorcontrib><creatorcontrib>Woody, C</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Alberts, C J</au><au>Dorofee, A J</au><au>Creel, R</au><au>Ellison, R J</au><au>Woody, C</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>A Systemic Approach for Assessing Software Supply-Chain Risk</atitle><btitle>2011 44th Hawaii International Conference on System Sciences</btitle><stitle>hicss</stitle><date>2011-01</date><risdate>2011</risdate><spage>1</spage><epage>8</epage><pages>1-8</pages><issn>1530-1605</issn><eissn>2572-6862</eissn><isbn>1424496187</isbn><isbn>9781424496181</isbn><abstract>In today's business environment, multiple organizations must routinely work together in software supply chains when acquiring, developing, operating, and maintaining software products. The programmatic and product complexity inherent in software supply chains increases the risk that defects, vulnerabilities, and malicious code will be inserted into a delivered software product. As a result, effective risk management is essential for establishing and maintaining software supply-chain assurance over time. The Software Engineering Institute (SEI) is developing a systemic approach for assessing and managing software supply-chain risks. This paper highlights the basic approach being implemented by SEI researchers and provides a summary of the status of this work.</abstract><pub>IEEE</pub><doi>10.1109/HICSS.2011.36</doi><tpages>8</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 1530-1605
ispartof 2011 44th Hawaii International Conference on System Sciences, 2011, p.1-8
issn 1530-1605
2572-6862
language eng
recordid cdi_ieee_primary_5718996
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Driver circuits
Risk management
Sociotechnical systems
Software
Software engineering
Supply chains
title A Systemic Approach for Assessing Software Supply-Chain Risk
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-04T05%3A43%3A12IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20Systemic%20Approach%20for%20Assessing%20Software%20Supply-Chain%20Risk&rft.btitle=2011%2044th%20Hawaii%20International%20Conference%20on%20System%20Sciences&rft.au=Alberts,%20C%20J&rft.date=2011-01&rft.spage=1&rft.epage=8&rft.pages=1-8&rft.issn=1530-1605&rft.eissn=2572-6862&rft.isbn=1424496187&rft.isbn_list=9781424496181&rft_id=info:doi/10.1109/HICSS.2011.36&rft_dat=%3Cieee_6IE%3E5718996%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5718996&rfr_iscdi=true