Secure Sourcing of COTS Products: A Critical Missing Element in Software Engineering Education

Abstract: The aim of this paper is to publicize both the challenge and potential solution for the integration of secure supply chain risk management content into conventional software engineering programs. Specifically, software engineering programs typically do not teach how to ensure that the code produced and sold in commercial off-the-shelf (COTS) products hasn't been compromised through the sourcing process. We propose four instructional modules and topics based on established principles that can form the basis of … Show more

“…It is important to understand the implication of choosing a suitable component from a third-party repository because of the trade-off in quality [8]. Software Engineering taught programs do not teach how to ensure that COTS components are not compromised from production to integration [9]. Data are generated during component execution, which can be distilled and mined [10].…”

An Improved Repository Structure to Identify, Select and Integrate Components in Component-based Development

“…It is important to understand the implication of choosing a suitable component from a third-party repository because of the trade-off in quality [8]. Software Engineering taught programs do not teach how to ensure that COTS components are not compromised from production to integration [9]. Data are generated during component execution, which can be distilled and mined [10].…”

An Improved Repository Structure to Identify, Select and Integrate Components in Component-based Development

Technology Acquisition Plans to Foster Supply Chain Risk Management Learning Outcomes in Project-Based Software Development Courses

Adapting a Software Acquisition Curriculum to Instruct Supply Chain Risk Management in a Project-Based Software Development Course