Software Assurance
Software Assurance (SwA) is: “the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at anytime during its lifecycle, and that the software functions in the intended manner.”
- Source: Committee on National Security Systems (CNSS) Instruction No. 4009, “National Information Assurance Glossary”, Revised 2006, http://www.cnss.gov/instructions.html

Alternate definitions:

From the Department of Homeland Security (DHS), Software Assurance (SwA) addresses:
Contributing SwA disciplines, articulated in Bodies of Knowledge and Core Competencies: Software Engineering, Systems Engineering, Information Systems Security Engineering, Information Assurance, Test and Evaluation, Safety, Security, Project Management, and Software Acquisition.
- Source: DHS Build Security In web portal, https://buildsecurityin.us-cert.gov/portal

From the Department of Defense (DoD), Software Assurance (SwA) relates to "the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software."
- Source: DoD Software Assurance Initiative, 13 September 2005, https://acc.dau.mil/CommunityBrowser.aspx?id=25749

From the National Institute of Standards and Technology (NIST), Software Assurance (SwA) is "the planned and systematic set of activities that ensures that software processes and products conform to requirements, standards, and procedures to help achieve:
- Source: NIST SAMATE project, http://samate.nist.gov/

From the National Aeronautics and Space Administration (NASA), Software Assurance is the "Planned and systematic set of activities that ensures that software processes and products conform to requirements, standards, and procedures. It includes the disciplines of Quality Assurance, Quality Engineering, Verification and Validation, Nonconformance Reporting and Corrective Action, Safety Assurance, and Security Assurance and their application during a software life cycle." The NASA Software Assurance Standard also states: "The application of these disciplines during a software development life cycle is called Software Assurance."
- Source: NASA-STD-2201-93 "Software Assurance Standard", 10 November 1992, http://satc.gsfc.nasa.gov/assure/assurepage.html

From the Object Management Group (OMG), Software Assurance (SwA) is “justifiable trustworthiness in meeting established business and security objectives.”
- Source: OMG Software Assurance (SwA) Special Interest Group (SIG), http://adm.omg.org/SoftwareAssurance.pdf and http://swa.omg.org/docs/softwareassurance.v3.pdf

From Webopedia: "Software Quality Assurance, abbreviated as SQA, and also called software assurance, it is a level of confidence that software is free from vulnerabilities, either intentionally designed into the software or inserted at anytime during its lifecycle, and that the software functions in the intended manner."
- Source: Webopedia on-line encyclopedia, http://www.webopedia.com/TERM/S/Software_Quality_Assurance.html

As indicated in the Webopedia definition, the term "software assurance" has been used as a shorthand for Software Quality Assurance (SQA) when not necessarily considering security or trustworthiness.

SQA is defined in the ''Handbook of Software Quality Assurance'' as: "the set of systematic activities providing evidence of the ability of the software process to produce a software product that is fit to use."
- Source: G. Gordon Schulmeyer and James I. McManus, ''Handbook of Software Quality Assurance'', 3rd Edition (Prentice Hall PTR, 1998)

Software Assurance is a strategic initiative of the U.S. Department of Homeland Security (DHS) to promote integrity, security, and reliability in software. The SwA Program is based upon the National Strategy to Secure Cyberspace, Action/Recommendation 2-14: “DHS will facilitate a national public-private effort to promulgate best practices and methodologies that promote integrity, security, and reliability in software code development, including processes and procedures that diminish the possibilities of erroneous code, malicious code, or trap doors that could be introduced during development.”
- https://buildsecurityin.us-cert.gov/portal

Software Assurance Metrics and Tool Evaluation (SAMATE) is a NIST project that supports the DHS Software Assurance Program in the identification, enhancement, and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness of tools, and (C) identifying gaps in tools and methods.
- http://samate.nist.gov/

The OMG Software Assurance (SwA) Special Interest Group (SIG), http://swa.omg.org, works with Platform and Domain Task Forces and other software industry entities and groups external to the OMG to coordinate the establishment of a common framework for the analysis and exchange of information related to software trustworthiness, by facilitating the development of a specification for a Software Assurance Framework that will:

Software Security Assurance Publicly Available Resource: The Software Assurance Forum has provided a collaborative venue for stakeholders to share and advance techniques and technologies relevant to software security. The state-of-the-art report (SOAR) on "Software Security Assurance" (published by the Information Assurance Technology Analysis Center) is a free, publicly available resource at http://iac.dtic.mil/iatac/download/security.pdf and represents an output of the collaborative efforts of organizations and individuals in the SwA Forum and Working Groups. The SOAR provides an overview of the current state of the environment in which software must operate and surveys current and emerging activities and organizations involved in promoting various aspects of software security assurance. The report also describes the variety of techniques and technologies in use in government, industry, and academia for specifying, acquiring, producing, assessing, and deploying software that can, with a justifiable degree of confidence, be said to be secure. The report also presents observations about noteworthy trends in software security assurance as a discipline.