The indiscriminate use of COTS components is a primary impediment to the design of survivable systems. Lower upfront costs, and a belief that the cost savings extend throughout the system’s lifecycle, are primary motivators in the shift from custom-designed to COTS-based systems. The disadvantages associated with COTS-based design include the absence of source code and the lack of access to the other artifacts of the software engineering process used to design the COTS components. These artifacts include architectural representations, comprehensive test results, results of (or even indications of the existence of) design reviews and code walkthroughs, and descriptions of (and the design rationale for) all explicit tradeoffs among the various attributes of software quality, such as performance, security, reliability, modifiability, usability, and cost. Moreover, the economic realities of mass-produced software bias these design tradeoffs in favor of lower costs and increased market share for the vendor, whereas survivability is largely dependent upon those software quality attributes (such as security and reliability) that support the mission of the acquiring organization.
[1]
Nancy R. Mead,et al.
Toward Survivable COTS - Based Systems
,
2001
.
[2]
Lisa Brownsword,et al.
An Activity Framework for COTS-Based Systems
,
2000
.
[3]
Andrew P. Moore,et al.
Can We Ever Build Survivable Systems from COTS Components?
,
2002,
CAiSE.
[4]
LindqvistUlf,et al.
A Map of Security Risks Associated with Using COTS
,
1998
.
[5]
Barry W. Boehm,et al.
COTS-Based Systems Top 10 List
,
2001,
Computer.
[6]
David Carney,et al.
DoD Security Needs and COTS-Based Systems
,
1998
.