Published: November 2, 2017

Tools & Testing Techniques for Assured Software – DoD Software Assurance Community of Practice: Volume 2

This issue is a special Software Assurance (SwA) edition of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis Center (CSIAC). This edition explores different aspects of software assurance competencies that can be used to improve software assurance functions and how to develop/deploy assured software throughout the lifecycle acquisition process. Articles are contributed by software assurance practitioners from the DoD and civil government who are devoted to the advancement of secure development principles in U.S. government critical systems.

In This Issue

Introduction to Tools & Testing Techniques for Assured Software – DoD Software Assurance Community of Practice: Volume 2

Greetings, it is my honor to introduce the second of two special software assurance (SwA) editions of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis…

SARD: Thousands of Reference Programs for Software Assurance

One way to understand the strengths and limitations of software assurance tools is to use a corpus of programs with known bugs. The software developer can run a candidate tool on programs in the corpus…

Improving Software Assurance through Static Analysis Tool Expositions

The National Institute of Standards and Technology Software Assurance Metrics and Tool Evaluation team conducts research in static analysis tools that find security-relevant weaknesses in source code. This article discusses our experiences with Static Analysis…

Software Assurance Adoption through Open Source Tools

Software and Security engineering as a discipline is getting increased attention across the Department of Defense (DoD) as a mission enabler. Historically the DoD used an engineering approach that is independent from the type of…

Software Assurance Measurement – Establishing a Confidence that Security is Sufficient

Measuring the software assurance of a product as it functions within a specific system context involves assembling carefully chosen metrics that demonstrate a range of behaviors to establish confidence that the product functions as intended…

Engineering Software Assurance into Weapons Systems During the DoD Acquisition Life Cycle

Software assurance (SwA) is the “level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the life cycle.” [4]…

The Software Assurance State-of-the-Art Resource

Unintentional and intentionally inserted vulnerabilities in software can provide adversaries with various avenues to reduce system effectiveness, render systems useless, or even use our systems against us. Unfortunately, it can be difficult to determine what…

Piloting Software Assurance Tools in the Department of Defense

In this article, we present and describe the JFAC Enterprise Software Licensing Pilot program activities during the 2016 fiscal year. During this period, JFAC provided limited quantities of Software Assurance tools to users in the…