Presentation is loading. Please wait.

Presentation is loading. Please wait.

Barriers in using Open Source in a High Assurance Environment

Published byTimothy Stafford Modified over 7 years ago

Similar presentations

Presentation on theme: "Barriers in using Open Source in a High Assurance Environment"— Presentation transcript:

1 Barriers in using Open Source in a High Assurance Environment
Edwin Lee Software Architect, Raytheon Company The Open Group Conference 10/18/2005

2 Observations from prior meetings
Open Source software is Useful, capable, readily available Offers programmer choices & freedom of use “Power to the edge” for the software community Open source community and users were Not very familiar with the High Assurance Environment Not familiar with Information Security (IS) from DoD standpoint Not familiar with IS Certification and Accreditation process Even customers’ views are not always consistent Some customers embraced Open Source Some customers rejected Open Source

3 What are the barriers ? The biggest barrier is the lack of TRUST
Which translates to unknown Risk Risk = Probability of Occurrence x Consequence In a High Assurance Environment, Consequence could mean lost of lives Lack of trust means Probability of Occurrence is unknown Unknown risk

4 Trust Mechanisms Independent, traceable Evaluation of a product performed by TRUSTED entities Example: Common Criteria Evaluation Certification and Accreditation of a System before it is deployed, to meet “Protection Levels”, or Safety Standards Example: Protection Levels specified in DCID/6.3 DO-178B Certification activities for Safety Critical Systems A Process to be follows during software development to ensure trustworthiness Example: DITSCAP (Defense Information Technology Certification and Accreditation Process)

5 Can the Open Source community offer similar trust mechanism?
What kind of evalauation mechanism is reasonable to ask for? Security critical Safety critical What types of software need it? Deployable code Development Tool (IDE, compiler, etc..) Code generator How would pay for the evaluation or certification process? How should be the evaluation body? (TOG?)

Download ppt "Barriers in using Open Source in a High Assurance Environment"

Similar presentations

WTO, Trade and Environment Division

WTO, Trade and Environment Division
Chi Squared Tests. Introduction Two statistical techniques are presented. Both are used to analyze nominal data. –A goodness-of-fit test for a multinomial.

Chi Squared Tests. Introduction Two statistical techniques are presented. Both are used to analyze nominal data. –A goodness-of-fit test for a multinomial.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #18-1 Chapter 18: Introduction to Assurance Overview Why assurance? Trust and.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Milestone Systems Architecture and Engineering (A&E) Program

Milestone Systems Architecture and Engineering (A&E) Program
Fraud Prevention and Risk Management

Fraud Prevention and Risk Management
Top 7 Things to Know about Activation and Genuine Software with Windows 7 For computers with perpetual licensing obtained through Microsoft volume licensing.

Top 7 Things to Know about Activation and Genuine Software with Windows 7 For computers with perpetual licensing obtained through Microsoft volume licensing.
Effective Methods for Software and Systems Integration

Effective Methods for Software and Systems Integration
Test Organization and Management

Test Organization and Management
OH&S Plant Regulations make Good Business Sense Robert Enchelmaier Capability By Design Peter Kohler Robert Enchelmaier.

OH&S Plant Regulations make Good Business Sense Robert Enchelmaier Capability By Design Peter Kohler Robert Enchelmaier.
Product Development Chapter 6. Definitions needed: Verification: The process of evaluating compliance to regulations, standards, or specifications.

Product Development Chapter 6. Definitions needed: Verification: The process of evaluating compliance to regulations, standards, or specifications.
Chapter VII Security Management for an E-Enterprise -Ramyah Rammohan.

Chapter VII Security Management for an E-Enterprise -Ramyah Rammohan.
SANAS ACCREDITATION DEES DHANRAJ BEE Lead Assessor.

SANAS ACCREDITATION DEES DHANRAJ BEE Lead Assessor.
Randy Beavers CS 585 – Computer Security February 19, 2009.

Randy Beavers CS 585 – Computer Security February 19, 2009.
DOD SOFTWARE ASSURANCE INITIATIVE: Mitigating Risks Attributable to Software through Enhanced Risk Management Joe Jarzombek, PMP Deputy Director for Software.

DOD SOFTWARE ASSURANCE INITIATIVE: Mitigating Risks Attributable to Software through Enhanced Risk Management Joe Jarzombek, PMP Deputy Director for Software.
“How to Measure the Impact of Specific Development Practices on Fielded Defect Density” by Ann Marie Neufelder Presented by: Feride Padgett.

“How to Measure the Impact of Specific Development Practices on Fielded Defect Density” by Ann Marie Neufelder Presented by: Feride Padgett.
CSCE 548 Secure Software Development Security Operations.

CSCE 548 Secure Software Development Security Operations.
SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:

SAM-101 Standards and Evaluation. SAM-102 On security evaluations Users of secure systems need assurance that products they use are secure Users can:
High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.

High Assurance Products in IT Security Rayford B. Vaughn, Mississippi State University Presented by: Nithin Premachandran.
Promoting Quality in Fire Safety Presentation by:.

Promoting Quality in Fire Safety Presentation by:.

Similar presentations

Ads by Google