Issue No.09 - September (2010 vol.43)
pp: 21-30
Nancy R. Mead, Carnegie Mellon University
Joe Jarzombek, Department of Homeland Security
ABSTRACT
The Department of Homeland Security National Cyber Security Division's Software Assurance Program promotes the collaborative development of reliable measurement instruments and standards, opportunities for the exchange and dissemination of knowledge, a skilled workforce, and a secure software supply chain.
INDEX TERMS
Software assurance, DHS Software Assurance Program, Security and privacy, Standards and best practices, Education
CITATION
Nancy R. Mead, Joe Jarzombek, "Advancing Software Assurance with Public-Private Collaboration", Computer, vol.43, no. 9, pp. 21-30, September 2010, doi:10.1109/MC.2010.247