| Reducing Software Security Risk Through an Integrated Approach | |
| Point of Contact | David Gilliam David.P.Gilliam-104868@jpl.nasa.gov |
| Dates | November 2000 - December 2005 |
| Problem | A recent report on NASA's Information Technology (IT) security posture points to numerous security vulnerabilities in NASA systems. The source of security weakness is usually traced to poor software development practices, non-secure links between computing systems and applications, and misconfigurations. An otherwise secure system can be compromised easily if system or application software on it or on a linked system has vulnerabilities. Currently, there are relatively few Security Assessment Tools (SATs) or instruments for use in the software development and maintenance life cycle that can help mitigate these vulnerabilities. Development and use of a Software Security Assessment Instrument (SSAI) will aid in assuring the security of NASA's software and systems. |
| Objective | The goal of the effort is the use of a formal analytical approach for integrating security into existing and emerging practices for developing high-quality software and computer systems. The approach is to develop a security assessment instrument consisting of a collection of tools, procedures and instruments to support the development of secure software. |
| Results | Formal Assessment Instrument for Ensuring the Security of NASA's Networks Systems & Software.ppt; SAS Presentation 2002.ppt; Software Security Checklist for the Software Life Cycle.ppt |
| Keywords | Security Assessment Tools, software security, software development and maintenance life cycle |
| Categories | Domain-Specific Analysis; Issue & Risk Tracking |
Curator: Josh Stonestreet NASA Official: Lisa Montgomery |