This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact firstname.lastname@example.org if you have any questions about the US-CERT website archive.
System complexity, today, is an aggregate of technology, scale, scope, operational, and organizational issues. The business usage, the technologies applied, and the changing operational environment raise software risks that are typically not addressed in current practice. This section discusses the effects of the changing operational environment on the development of secure systems. Vulnerability analysis has typically concentrated on errors in coding or in the interfaces among components; however, system interactions can also be a seedbed for vulnerabilities. One article in this content area includes discussions of the software assurance challenges inherent in networked systems development and proposes a structured approach to analyzing potential system stresses using scenarios.
Note: At a future date, this content area will be moved to a new section of Build Security In that will focus on system issues.