This is a special Software Assurance (SwA) edition of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis Center (CSIAC). This edition explores different aspects of developing, deploying and training on how to build assured software. Articles are contributed by software assurance practitioners from the DoD and civil government that are devoted to the advancement of secure development principles in U.S government critical systems.
Articles In This Issue
Introduction to Design and Development Process for Assured Software – DoD Software Assurance Community of Practice: Volume 1
Software is ubiquitous. It is at the core of every deployed critical system in the DoD (and our society for that matter). As our systems become more complex and the software that supports these systems explodes in size, our adversaries are presented with an ever increasing attack surface which they have repeatedly demonstrated the capability to exploit.Keys to Successful DoD Software Project Execution
Software is inherent in today’s complex systems and is often the primary cost, schedule, and technical performance driver in Department of Defense (DoD) programs. For DoD mission critical systems, the associated software size, complexity, interdependencies, reliance-on for mission and safety critical functionality, and software assurance (high quality and free from vulnerabilities) related challenges are all continuing to rapidly increase.Software Assurance in The Agile Software Development Lifecycle
Over the last 30 years, the DoD has struggled to adapt to the ever-changing world of software development. Of these many struggles, implementing Agile software development and practicing systems security engineering are two struggles that continue to plague the DoD. In an attempt to overcome...Hacker 101 & Secure Coding: A Grassroots Movement towards Software Assurance
The frequency and complexity of attacks upon the software assets of the United States Military is increasing at a rate which requires a massive organized response from the defense community. This threat is unlike anything encountered before and the response must be swift and focused. Currently the Navy and the Department of Defense are working multiple fronts in order to keep pace with the actual threats.Is Our Software REALLY Secure?
The answer to the question is NO – as noted in the DoD Director, Operational Test and Evaluation FY 2016 Annual Report despite the significant progress the DoD has made in improving the cybersecurity of DoD programs and networks “missions remain at risk when subjected to cyber-attacks emulating an advanced nation-state adversary.”Defense Technical Information Center’s (DTIC’s) Hidden Gems
The Defense Technical Information Center (DTIC) provides a host of products and services to the DoD and to users in government, industry and academia. One of the important facets of their services is access to a huge trove of scientific and technical information (STI) covering close to seven decades of military research and development (R&D).Development and Transition of the SEI Software Assurance Curriculum
In this article, we discuss the development and transition of the Software Engineering Institute’s (SEI’s) Software Assurance Curriculum. The Master of Software Assurance Reference Curriculum, developed under U.S. Department of Homeland Security (DHS) sponsorship, was endorsed by the Association for Computing Machinery (ACM) and IEEE Computer Society. Additional curriculum recommendations were made at the undergraduate and community college levels.