Advancing Software Assurance with Public-Private Collaboration
September 2010 (vol. 43 no. 9)
pp. 21-30
Nancy R. Mead, Carnegie Mellon University
Joe Jarzombek, Department of Homeland Security
The Department of Homeland Security National Cyber Security Division's Software Assurance Program promotes the collaborative development of reliable measurement instruments and standards, opportunities for the exchange and dissemination of knowledge, a skilled workforce, and a secure software supply chain.

Index Terms:
Software assurance, DHS Software Assurance Program, Security and privacy, Standards and best practices, Education
Citation:
Nancy R. Mead, Joe Jarzombek, "Advancing Software Assurance with Public-Private Collaboration," Computer, vol. 43, no. 9, pp. 21-30, Sept. 2010, doi:10.1109/MC.2010.247