Robert A. Martin, Steven M. Christey, "The Software Industry's "Clean Water Act" Alternative," IEEE Security & Privacy, vol. 10, no. 3, pp. 24-31, May-June 2012. ISSN 1540-7993. IEEE Computer Society, Los Alamitos, CA, USA.
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.3
With water, we trust that qualities harmful to its intended use aren't present. To avoid a regulatory solution to problems with contaminants that endanger software's intended use, the industry needs to implement processes and technical methods for examining software for the contaminants that are most dangerous given its intended use. By finding systematic and verifiable ways to identify, remove, and verify contaminated software, software providers can improve customers' confidence in systems and possibly avoid regulatory solutions.
Index Terms:
source code static analysis, vulnerability severity, security weakness, risk, risk management, software flaws, design mistakes, coding errors, security mistakes, code assessment, application security, operational impact, prioritization

