Mar/Apr 2014

Mitigating Risks of Counterfeit and Tainted Components

Download Entire Mar/Apr 2014 Issue (PDF 12MB)

View Online Digital Flipbook Version (Requires Adobe Flash)

Table of Contents
(click below to download individual articles from the Mar/Apr 2014 issue)

From the Sponsor
by Roberta (Bobbie) Stempfley
Download Article (PDF)

Non-Malicious Taint: Bad Hygiene is as Dangerous to the Mission as Malicious Intent
by Robert A. Martin
Until both malicious and non-malicious aspects of taint can be dealt with in ways that are visible and verifiable, there will be a continued lack of confidence and assurance in delivered capabilities throughout their lifecycle.
Download Article (PDF)

Collaborating across the Supply Chain to Address Taint and Counterfeit
by Dan Reddy
The community of acquirers and providers of technology must reach a consensus on two basics questions: 1) Where is the mitigation focus?, and 2) Are we discussing issues that occur in technology development or just products that have been tampered with?
Download Article (PDF)

Software and Supply Chain Risk Management Assurance Framework
by Don O'Neill
The DoD, the defense industrial base, and the nation’s critical infrastructure all face challenges in Supply Chain Risk Management Assurance. These diverse challenges span infrastructure, trust, competitiveness, and austerity.
Download Article (PDF)

Malware, "Weakware," and the Security of Software Supply Chains
by C. Warren Axelrod, Ph.D.
The need for security often exceeds the ability and will of software engineers to design secure software architectures, implement secure coding methods, perform functional security testing, and carefully manage the installation of software products on various platforms and in different environments.
Download Article (PDF)

Problems and Mitigation Strategies for Developing and Validating Statistical Cyber Defenses
by Michael Atighetchi, Michael Jay Mayhew, Rachel Greenstadt, and Aaron Adler
The development and validation of advanced cyber security technology frequently relies on data capturing normal and suspicious activities at various system layers. However, getting access to meaningful data continues to be a major hurdle for innovation in statistical cyber defense research.
Download Article (PDF)

Earned Schedule 10 Years Later: Analyzing Military Programs
by Kevin T. Crumrine, Jonathan D. Ritschel, Ph.D., and Edward White, Ph.D.
While progress has been made in understanding the utility of Earned Schedule (ES) in some small scale and limited studies, a significant analysis of ES in DoD acquisition programs is missing.
Download Article (PDF)

by David A. Cook,
Download Article (PDF)