International Liability Issues for Software Quality

Abstract: This report focuses on international law related to cybercrime, international information security standards, and software liability issues as they relate to information security for critical infrastructure applications. Each area is explored and implications for U.S. policy and efforts to create cyber security policy worldwide are discussed. Recommendations are made for U.S. government participation and leadership. This report is one of a series of reports on U.S. policy by the CERT Coordination Center. Prior reports focused on international infrastructure for global security incident response and the technical challenges and global policy issues of tracking and tracing cyber attacks.
