- Software security turns out to be an important risk of using COTS software. COTS software components carry security concerns that can introduce severe security risk into any institution's or organization's software SCM (supply chain management). Security problems arise when COTS components are combined with other software components to build a composite application, because that application inherits the risks of its COTS software components.
- Moreover, software industry observers such as the SANS Institute and Gartner believe that issues in the supply chain pose a major threat to the sector. They can affect Information Technology supply chains by compromising them and forcing changes in the marketplace.
- Also, according to a SANS Institute survey, few companies perform security reviews on every commercial application they bring in-house, and more than half of the other companies do not perform security checks at all. Software companies rely on vendor reputation and legal liability, or they have no strategy for dealing with COTS components, and so they maintain very limited visibility into the software supply chain risks introduced by COTS.
- Configuration control is also difficult. COTS vendors constantly update their software to adopt new technology and to meet the demands of the majority of their customers. Unfortunately, COTS products are not well suited to military use. First, security is the greatest concern for the military because of the characteristics of COTS: COTS software is delivered as a grey box or a black box, and there is no security warranty. With COTS, functionality takes a higher priority than security.
- In other words, security is settled at the bottom of the list. COTS software is widely available, which increases the risk that it falls into the hands of users with malicious intent. These users have the opportunity to discover security flaws, which puts the software systems at risk of attack. COTS software is large and complex, with many lines of source code, so program bugs can easily lead to security vulnerabilities.
- In the medical industry, COTS software is referred to as software of unknown pedigree: for example, software that has not been developed with a known software development methodology, which precludes its use in medical devices. Faults in COTS software components could become system and machine failures in the device if steps are not taken to ensure that the components comply with the relevant standards. The industry outlines specific practices to ensure that software-of-unknown-pedigree components support the safety requirements of the device being built.
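The configuration-control and security-review points above (vendors pushing updates, integrators with little visibility into what is actually deployed) are usually addressed by pinning each reviewed COTS artifact to a digest and re-checking the inventory before a composite application ships. The following is an added example, not code from the original answer or from any vendor; the component names, versions and artifact bytes are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class PinnedComponent:
    """A COTS component as recorded at the time it was last security-reviewed."""
    name: str
    version: str
    sha256: str


def sha256_hex(artifact: bytes) -> str:
    return hashlib.sha256(artifact).hexdigest()


def pin_component(name: str, version: str, artifact: bytes) -> PinnedComponent:
    """Record the reviewed artifact's digest so later changes can be detected."""
    return PinnedComponent(name, version, sha256_hex(artifact))


def verify_components(baseline: dict, deployed: dict) -> dict:
    """Compare what is deployed against the reviewed baseline.

    baseline: component name -> PinnedComponent (what was reviewed)
    deployed: component name -> artifact bytes (what is actually installed)
    Returns component name -> status. Anything other than "ok" means the
    composite application contains code that never went through review.
    """
    findings = {}
    for name, pin in baseline.items():
        artifact = deployed.get(name)
        if artifact is None:
            findings[name] = "missing: reviewed component not deployed"
        elif sha256_hex(artifact) == pin.sha256:
            findings[name] = "ok"
        else:
            findings[name] = "changed: unreviewed vendor update"
    for name in deployed:
        if name not in baseline:
            findings[name] = "unpinned: component was never reviewed"
    return findings


# Constructed sample data: hypothetical components, not real vendor products.
REVIEWED_ARTIFACTS = {
    "vendor-crypto-lib": b"vendor-crypto-lib build 4.2.0 (reviewed)",
    "vendor-report-engine": b"vendor-report-engine build 1.9.3 (reviewed)",
    "vendor-pdf-viewer": b"vendor-pdf-viewer build 2.0.1 (reviewed)",
}
BASELINE = {
    "vendor-crypto-lib": pin_component("vendor-crypto-lib", "4.2.0",
                                       REVIEWED_ARTIFACTS["vendor-crypto-lib"]),
    "vendor-report-engine": pin_component("vendor-report-engine", "1.9.3",
                                          REVIEWED_ARTIFACTS["vendor-report-engine"]),
    "vendor-pdf-viewer": pin_component("vendor-pdf-viewer", "2.0.1",
                                       REVIEWED_ARTIFACTS["vendor-pdf-viewer"]),
}

# What a later inventory scan finds (constructed): the vendor silently shipped
# a new crypto build, the PDF viewer was removed, and an unpinned agent appeared.
DEPLOYED_NOW = {
    "vendor-crypto-lib": b"vendor-crypto-lib build 4.3.0 (auto-updated)",
    "vendor-report-engine": REVIEWED_ARTIFACTS["vendor-report-engine"],
    "vendor-telemetry-agent": b"vendor-telemetry-agent build 0.9 (unreviewed)",
}


def audit_deployment() -> dict:
    """Run the baseline check against the constructed deployment."""
    return verify_components(BASELINE, DEPLOYED_NOW)


def unreviewed_components(findings: dict) -> list:
    """Names that need a security review before the application is released."""
    return sorted(name for name, status in findings.items() if status != "ok")


if __name__ == "__main__":
    for name, status in sorted(audit_deployment().items()):
        print(f"{name:24} {status}")
```

Pinning the digest rather than the version string is the point: a vendor can ship a different build under the same version, and only the digest comparison reveals that the reviewed artifact is no longer what is running.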
Types of COTS security concerns:
Security vulnerabilities are the result of software problems: flaws, weaknesses, logical errors, and bugs. Depending on how COTS software components are used in a DoD system, their issues can threaten security in the following ways:
- A COTS component may access a resource in an uncertified way, with the result that other components fail to perform their function in the DoD system.
- A COTS component may undermine authorized access controls and gain management authority over the system.
- A COTS component may access resources of the DoD system that are unauthorized, uncertified, illegal, or not required for its function.
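The three concerns just listed are the reason integrators route every resource access by a COTS component through a policy check that grants only the resources, actions and privilege level the component actually needs, and records everything it was refused. The following is an added example of such a least-privilege mediator, not code from the original answer or from any DoD system; the component names, resources and requests are constructed, and one request is included for each concern above plus one legitimate call.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Privilege(IntEnum):
    USER = 1
    OPERATOR = 2
    ADMIN = 3


@dataclass(frozen=True)
class ComponentPolicy:
    """Least-privilege policy the integrator assigns to one COTS component."""
    name: str
    max_privilege: Privilege
    allowed: dict  # resource name -> frozenset of permitted actions


@dataclass(frozen=True)
class AccessRequest:
    component: str
    resource: str
    action: str
    privilege: Privilege  # privilege level the component asserts for this call


@dataclass
class AccessMediator:
    """Every resource access by a COTS component is routed through check()."""
    policies: dict
    audit_log: list = field(default_factory=list)

    def check(self, req: AccessRequest) -> tuple:
        """Return (allowed, reason) and append the decision to the audit log."""
        policy = self.policies.get(req.component)
        if policy is None:
            reason = "unknown component: no policy on file"
        elif req.privilege > policy.max_privilege:
            reason = "privilege escalation attempt"
        elif req.resource not in policy.allowed:
            reason = "resource not in allowlist"
        elif req.action not in policy.allowed[req.resource]:
            reason = "action not permitted on resource"
        else:
            reason = "allowed"
        allowed = reason == "allowed"
        self.audit_log.append((req.component, req.resource, req.action, reason))
        return allowed, reason

    def denied_events(self) -> list:
        """Audit entries worth reviewing: each is a component acting outside its policy."""
        return [event for event in self.audit_log if event[3] != "allowed"]


# Constructed policies for hypothetical components.
POLICIES = {
    "vendor-report-engine": ComponentPolicy(
        "vendor-report-engine", Privilege.USER,
        {"reports-db": frozenset({"read"}), "tmp-spool": frozenset({"read", "write"})},
    ),
    "vendor-backup-tool": ComponentPolicy(
        "vendor-backup-tool", Privilege.OPERATOR,
        {"archive-store": frozenset({"read", "write"})},
    ),
}

# Constructed requests: one legitimate call, then one per concern listed above.
SAMPLE_REQUESTS = [
    # Legitimate: the report engine reads the database it was approved for.
    AccessRequest("vendor-report-engine", "reports-db", "read", Privilege.USER),
    # Uncertified access that could break other components: writing to a shared database.
    AccessRequest("vendor-report-engine", "reports-db", "write", Privilege.USER),
    # Claiming more authority than the integrator granted.
    AccessRequest("vendor-backup-tool", "archive-store", "write", Privilege.ADMIN),
    # Reaching for a resource the component does not need.
    AccessRequest("vendor-report-engine", "credential-vault", "read", Privilege.USER),
    # A component nobody reviewed or wrote a policy for.
    AccessRequest("vendor-unknown-plugin", "reports-db", "read", Privilege.USER),
]


def run_sample() -> AccessMediator:
    """Mediate the constructed requests and return the mediator with its audit log."""
    mediator = AccessMediator(POLICIES)
    for req in SAMPLE_REQUESTS:
        mediator.check(req)
    return mediator


if __name__ == "__main__":
    for component, resource, action, reason in run_sample().audit_log:
        print(f"{component:22} {resource:16} {action:6} {reason}")
```

The default for anything not explicitly on file is denial, which is what turns the grey-box nature of COTS from an unknown into a bounded risk: the component may do whatever it likes internally, but the resources it can touch are exactly those the integrator reviewed.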