Issue No.03 - May-June (2012 vol.10)
Robert A. Martin , MITRE
Steven M. Christey , MITRE
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.3
With water, we trust that qualities harmful to its intended use aren't present. To avoid a regulatory solution to problems with contaminants that endanger software's intended use, the industry needs to implement processes and technical methods for examining software for the contaminants that are most dangerous given its intended use. By finding systematic and verifiable ways to identify, remove, and verify contaminated software, software providers can improve customers' confidence in systems and possibly avoid regulatory solutions.
source code static analysis, vulnerability severity, security weakness, risk, risk management, software flaws, design mistakes, coding errors, security mistakes, code assessment, application security, operational impact, prioritization
Robert A. Martin, Steven M. Christey, "The Software Industry's "Clean Water Act" Alternative", IEEE Security & Privacy, vol.10, no. 3, pp. 24-31, May-June 2012, doi:10.1109/MSP.2012.3