Development and Transition of the SEI Software Assurance Curriculum

Summary and Future Plans

We completed the development and publication of the textbook, Cyber Security Engineering: A Practical Approach for System and Software Assurance, which was released November 2, 2016 as part of the SEI Book Series. For more information about the book, see https://insights.sei.cmu.edu/sei_blog/2016/10/seven-principles-for-software-assurance.html. Work is also underway for an online certificate in cybersecurity engineering to augment available resources.

Though we demonstrated strong success with the curriculum materials developed so far, the model cannot reach its full potential until we have full-course content (e.g., slides, instructor notes, homework, exams, and case studies) developed for all courses. Seven of the MSwA courses are still in need of material development.

In addition, courses for related disciplines where software assurance is an elective, such as software engineering, computer science, and information systems, are in need of materials. Undergraduate courses, particularly for use with specializations in software engineering, information systems, and computer science, are also lacking in materials for broad use. Opportunities for inclusion in high school instruction remain unexplored and students are learning how to write code and field programs even earlier in their education without the benefit of knowing how to do so securely.

Acknowledgments

We would like to acknowledge our colleagues, collaborators, and sponsors who contributed to the Software Assurance Curriculum Project and its transition to the community.

Copyright 2017 Carnegie Mellon University

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

[Distribution Statement A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution. DM-0004452

References

1. Allen 2008] Allen, Julia H.; Barnum, Sean; Ellison, Robert J.; McGraw, Gary; & Mead, Nancy R. Software Security Engineering: A Guide for Project Managers. Addison-Wesley Professional, 2008.
2. [B-APT] Psychometrics, Berger Aptitude for Programming Test (B-APT) website. Available at http://www.psy-test.com/Baptd.html
3. [CNSS 2009] Committee on National Security Systems. “Instruction No. 4009,” National Information Assurance Glossary. Revised June 2009.
4. [Drew 2009] Drew, C. “Wanted: ‘Cyber Ninjas.’” New York Times, 2009. Retrieved December 29, 2009 from website, available at http://www.nytimes.com/2010/01/03/education/edlife/03cybersecurity.html?emc=eta1.
5. [Mead 2010a] Mead, N. R., et al. Software Assurance Curriculum Project Volume I: Master of Software Assurance Reference Curriculum (CMU/SEI-2010-TR-005). Software Engineering Institute, Carnegie Mellon University, 2010. Available at http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=9415.
6. [Mead 2010b] Mead, N. R., et al. Software Assurance Curriculum Project Volume II: Undergraduate Course Outlines (CMU/SEI-2010-TR-019). Software Engineering Institute, Carnegie Mellon University, 2010. Website, Available at http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=9543.
7. Mead 2011a] Mead, N.R. et al. Software Assurance Curriculum Project Volume III: Master of Software Assurance Course Syllabi, (CMU/SEI-2011-TR-013), Software Engineering Institute, Carnegie Mellon University, March 2011. Available at http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=9981.
8. [Mead 2011b] Mead, N.R. et al. Software Assurance Curriculum Project Volume IV: Community College Education, (CMU/SEI-2011-TR-017), Software Engineering Institute, Carnegie Mellon University, September 2011. Available at http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=10009.
9. [Olinsky 2013] Olinsky, B. and Steinberg, S. “Training for Success – A Policy to Expand Apprenticeships in the United States,” November 2013, Center for American Progress. Available at https://www.americanprogress.org/issues/economy/reports/2013/12/02/79991/training-for-success-a-policy-to-expand-apprenticeships-in-the-united-states/.
10. [PPP 2009] Partnership for Public Service & Booz Allen Hamilton. Cyber IN-Security: Strengthening the Federal Cybersecurity Workforce. Partnership for Public Service, 2009. Retrieved July, 2009. Available at http://ourpublicservice.org/OPS/publications/viewcontentdetails.php?id=135.
11. [State of Washington 2013] State of Washington Workforce Training and Education Coordinating Board, “2013 Workforce Training Results by Program: Apprenticeship.” Available at http://www.wtb.wa.gov/Documents/2_Apprenticeship_2013.pdf.