The current hot topic in the news is the revelation that horsemeat has contaminated the UK's food supply chain. This follows on from recent findings that suggest halal food supplied to some prisons contained pork.
The outrage about eating horses, and about retail products containing ingredients other than those listed on the label, has raised concerns about how the integrity of the food supply chain can be ensured. There is much more legislation around food standards (for example for coffee and juice) and better labelling, but food appears to suffer from risks similar to those of the software supply chain.
Well, there are usually no easy answers, but for once it seems the software assurance community is ahead of food standards. If you don't want unknown ingredients in acquired software code, take a look at:
- Notional Supply Chain Risk Management Practices for Federal Information Systems, NISTIR 722, Interagency Report, NIST, 2012
- Software Assurance in Acquisition and Contract Language, Software Assurance Pocket Guide Series, Software Assurance, US Department of Homeland Security, 2012
- Software Supply Chain Risk Management: From Products to Systems of Systems, Technical Note CMU/SEI-2010-TN-026, Software Engineering Institute, Carnegie Mellon University, 2010
- Evaluating and Mitigating Software Supply Chain Security Risks, Technical Note CMU/SEI-2010-TN-016, Software Engineering Institute, Carnegie Mellon University, 2010
- An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain, SAFECode, 2010
- Framework for Software Supply Chain Integrity, SAFECode, 2009
- Software Supply Chain Risk Management and Due Diligence, Software Assurance Pocket Guide Series, Software Assurance, US Department of Homeland Security, 2009
Posted on: 09 February 2013 at 20:34 hrs