Defect free software is a critical national priority. Yet, we still do not fully understand the shape of the field that underlies the process of producing, sustaining and acquiring secure software. Specifically, there is no common agreement on the knowledge requirements for the field, nor is there even full agreement about the activities that legitimately comprise the process itself. Recognizing this, the Department of Defense, through the National Security Agency, has begun a three-year study to characterize the form and contents of the discipline of software assurance. This type of rigorous study is a necessary first step in formulating an academic study of the field. It is also a pre-requisite to formulating the practical steps necessary to achieve a secure software base. The first phase of the project, which has just been completed, created a database containing the known empirical, theoretical, critical/analytic and methodological knowledge elements of the field. This report utilizes that database to characterize the current state of secure software assurance work and suggest future directions.
[1]
Jeffrey A. Ingalsbe,et al.
Integrating Software Assurance Knowledge Into Conventional Curricula
,
2008
.
[2]
Jeffrey A. Ingalsbe,et al.
A Comparison of the Software Assurance Common Body of Knowledge to Common Curricular Standards
,
2007,
20th Conference on Software Engineering Education & Training (CSEET'07).
[3]
Wm. Arthur Conklin,et al.
Secure Software Engineering: A New Paradigm
,
2007,
2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).
[4]
Gene Tyler.
Information Assurance Technology Analysis Center (IATAC)
,
2008
.
[5]
Jerome H. Saltzer,et al.
The protection of information in computer systems
,
1975,
Proc. IEEE.
[6]
George W. Bush,et al.
National Strategy to Secure Cyberspace
,
2003
.