This issue is a special Software Assurance (SwA) edition of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis Center (CSIAC). This edition explores different aspects of software assurance competencies that can be used to improve software assurance functions, and how to develop and deploy assured software throughout the acquisition life cycle. Articles are contributed by software assurance practitioners from the DoD and civil government who are devoted to the advancement of secure development principles in U.S. government critical systems.
Articles In This Issue
Introduction to Tools & Testing Techniques for Assured Software – DoD Software Assurance Community of Practice: Volume 2
Greetings, it is my honor to introduce the second of two special software assurance (SwA) editions of the Journal of Cyber Security & Information Systems, published by the Cyber Security & Information Systems Information Analysis Center (CSIAC). Our systems continue to increase their reliance on...

SARD: Thousands of Reference Programs for Software Assurance
One way to understand the strengths and limitations of software assurance tools is to use a corpus of programs with known bugs. The software developer can run a candidate tool on programs in the corpus to get an idea of the kinds of bugs that...

Improving Software Assurance through Static Analysis Tool Expositions
The National Institute of Standards and Technology Software Assurance Metrics and Tool Evaluation team conducts research in static analysis tools that find security-relevant weaknesses in source code. This article discusses our experiences with Static Analysis Tool Expositions (SATEs) and how we are using that experience...

Software Assurance Adoption through Open Source Tools
Software and security engineering as a discipline is getting increased attention across the Department of Defense (DoD) as a mission enabler. Historically, the DoD used an engineering approach that is independent of the type of product. Hardware and software then followed the same generic engineering...

Software Assurance Measurement – Establishing a Confidence that Security is Sufficient
Measuring the software assurance of a product as it functions within a specific system context involves assembling carefully chosen metrics that demonstrate a range of behaviors to establish confidence that the product functions as intended and is free of vulnerabilities. The first challenge is to...

Engineering Software Assurance into Weapons Systems During the DoD Acquisition Life Cycle
Software assurance (SwA) is the “level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software, throughout the life cycle.” [4] The latest change to Department of Defense (DoD) Instruction (DoDI)...

The Software Assurance State-of-the-Art Resource
Unintentional and intentionally inserted vulnerabilities in software can provide adversaries with various avenues to reduce system effectiveness, render systems useless, or even use our systems against us. Unfortunately, it can be difficult to determine what types of tools and techniques exist for evaluating software, and...

Piloting Software Assurance Tools in the Department of Defense
In this article, we present and describe the JFAC Enterprise Software Licensing Pilot program activities during the 2016 fiscal year. During this period, JFAC provided limited quantities of Software Assurance tools to users in the DoD with the aim of evaluating how the use of...