COTS in the Real World: A Case Study in Risk Discovery and Repair
Technical Note
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-99-TN-003
Abstract
Like many organizations in both the public and private sectors, the U.S. Department of Defense (DoD) is committed to a policy of using commercial off-the-shelf (COTS) components in new systems, particularly information systems. However, the DoD also has a long-standing set of security needs for its systems, and the pressure to adopt COTS components can come into conflict with those security constraints. The major elements of this conflict are the DoD's overall approach to system security on one hand and the economic forces that drive the component industry on the other. As DoD managers and system integrators look to the COTS marketplace for components to satisfy more security requirements, this conflict becomes more prominent. In this report, we describe an actual product evaluation where just such a conflict occurred, examine why that conflict exists, and outline the corrective steps that were taken.
Cite This Technical Note
Hissam, S., & Plakosh, D. (1999, April 1). COTS in the Real World: A Case Study in Risk Discovery and Repair. (Technical Note CMU/SEI-99-TN-003). Retrieved December 22, 2024, from https://insights.sei.cmu.edu/library/cots-in-the-real-world-a-case-study-in-risk-discovery-and-repair/.
@techreport{hissam_1999,
author={Hissam, Scott and Plakosh, Daniel},
title={COTS in the Real World: A Case Study in Risk Discovery and Repair},
month={Apr},
year={1999},
number={CMU/SEI-99-TN-003},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/cots-in-the-real-world-a-case-study-in-risk-discovery-and-repair/},
note={Accessed: 2024-Dec-22}
}
Hissam, Scott, and Daniel Plakosh. "COTS in the Real World: A Case Study in Risk Discovery and Repair." (CMU/SEI-99-TN-003). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, April 1, 1999. https://insights.sei.cmu.edu/library/cots-in-the-real-world-a-case-study-in-risk-discovery-and-repair/.
S. Hissam, and D. Plakosh, "COTS in the Real World: A Case Study in Risk Discovery and Repair," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-99-TN-003, 1-Apr-1999 [Online]. Available: https://insights.sei.cmu.edu/library/cots-in-the-real-world-a-case-study-in-risk-discovery-and-repair/. [Accessed: 22-Dec-2024].
Hissam, Scott, and Daniel Plakosh. "COTS in the Real World: A Case Study in Risk Discovery and Repair." (Technical Note CMU/SEI-99-TN-003). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Apr. 1999. https://insights.sei.cmu.edu/library/cots-in-the-real-world-a-case-study-in-risk-discovery-and-repair/. Accessed 22 Dec. 2024.
Hissam, Scott; & Plakosh, Daniel. COTS in the Real World: A Case Study in Risk Discovery and Repair. CMU/SEI-99-TN-003. Software Engineering Institute. 1999. https://insights.sei.cmu.edu/library/cots-in-the-real-world-a-case-study-in-risk-discovery-and-repair/