4. Summit
Developers
Developers Summit 2013 Kansai Action !
US
法律からの引用
SEC.
933.
IMPROVEMENTS
IN
ASSURANCE
OF
COMPUTER
SOFTWARE
PROCURED
BY
THE
DEPARTMENT
OF
DEFENSE.
国防総省が製造したコンピュータ・ソフトウェアの保証改善
(a)
Baseline
SoMware
Assurance
Policy-‐
The
Under
Secretary
of
Defense
for
AcquisiTon,
Technology,
and
LogisTcs,
in
coordinaTon
with
the
Chief
InformaTon
Officer
of
the
Department
of
Defense,
shall
develop
and
implement
a
baseline
soMware
assurance
policy
for
the
enTre
lifecycle
of
covered
systems.
Such
policy
shall
be
included
as
part
of
the
strategy
for
trusted
defense
systems
of
the
Department
of
Defense.
(b)
Policy
Elements-‐
The
baseline
soMware
assurance
policy
under
subsecTon
(a)
shall-‐-‐
(1)
require
use
of
appropriate
automated
vulnerability
analysis
tools
in
computer
so3ware
code
during
the
en7re
lifecycle
of
a
covered
system,
including
during
development,
operaTonal
tesTng,
operaTons
and
sustainment
phases,
and
reTrement;
(2)
require
covered
systems
to
idenTfy
and
prioriTze
security
vulnerabiliTes
and,
based
on
risk,
determine
appropriate
remediaTon
strategies
for
such
security
vulnerabiliTes;
(3)
ensure
such
remedia7on
strategies
are
translated
into
contract
requirements
and
evaluated
during
source
selecTon;
NaTonal
Defense
AuthorizaTon
Act
2013
29. Summit
Developers
Developers Summit 2013 Kansai Action !
現状を知ろう
M Y
R E C O M M E N D
N E X T
A C T I O N !
37
• 神頼みでなく、
まずは、
現状を知ること。
• 無料コード・テスト診断
受付中です!
“コベリティ”で検索