Defining the Discipline of Secure Software Assurance: Initial Findings from the National Software Assurance Repository
Abstract
Defect free software is a critical national priority. Yet, we still do not fully understand the shape of the field that underlies the process of producing, sustaining and acquiring secure software. Specifically, there is no common agreement on the knowledge requirements for the field, nor is there even full agreement about the activities that legitimately comprise the process itself. Recognizing this, the Department of Defense, through the National Security Agency, has begun a three-year study to characterize the form and contents of the discipline of software assurance. This type of rigorous study is a necessary first step in formulating an academic study of the field. It is also a prerequisite to formulating the practical steps necessary to achieve a secure software base. The first phase of the project, which has just been completed, created a database containing the known empirical, theoretical, critical/analytic and methodological knowledge elements of the field. This report utilizes that database to characterize the current state of secure software assurance work and suggest future directions.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 01, 2011
- Accession Number: AD1153851
Entities
People
- Dan Shoemaker
- Jeff Ingalsbe
- Nancy R. Mead
- Rita M. Barrios
Organizations
- Carnegie Mellon University