Managing vulnerabilities in your commercial-off-the-shelf (COTS) systems using an industry standards effort

1 Author(s)
Martin, R.A.; Mitre Corp., Bedford, MA, USA

Organizations around the world, in every type of industry and market, are moving towards networks that are based on the Internet protocols. In addition, third-party commercial and open source software has become a critical element of these organizations and of the infrastructure of networks, utilities, and services they rely upon to function. That means software problems in these commercial-off-the-shelf (COTS) software products can quickly cause significant difficulties for any organization. When such software problems have security implications, they are referred to as "vulnerabilities." This paper discusses the ways of finding out about the vulnerabilities that exist in the COTS and open source software products used by an organization, or by the infrastructures that the organization is dependent upon. CVE, the Common Vulnerabilities and Exposures initiative, is a new international, community-based effort from industry, government, and academia that is working to create an organizing mechanism to make finding and fixing these COTS and open source software product vulnerabilities more rapid and efficient.

Published in:

Digital Avionics Systems Conference, 2002. Proceedings. The 21st (Volume: 1)

Date of Conference:

27-31 Oct. 2002