Software Assurance

Software assurance (SwA) is the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. The Department of Homeland Security sponsors a Software Assurance web site to enable greater resilience of cyber assets.

Software is essential to the operation of the Nation’s critical infrastructure. Vulnerabilities in software can jeopardize intellectual property, consumer trust, and business operations and services. A broad spectrum of critical applications and infrastructure, from process control systems to commercial application products, depend on secure, reliable software.

The SwA Pocket Guide Series comprises free, downloadable documents on software assurance in acquisition and outsourcing, software assurance in development, the software assurance life cycle, and software assurance measurement and information needs. Go to this web page to see the abstracts for the guides listed below and download the free PDF files.

SwA in Acquisition and Outsourcing

  • Software Assurance in Acquisition and Contract Language
    Acquisition and Outsourcing Volume I – (Version 1.1 July 31, 2009)
  • Software Supply Chain Risk Management and Due Diligence
    Acquisition and Outsourcing Volume II – (Version 1.2 June 16, 2009)

SwA in Development

  • Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses
    Development Volume II – (Version 1.3 May 24, 2009)
  • Software Security Testing
    Development Volume III – (Version 0.7 May 10, 2010)
  • Requirements and Analysis for Secure Software
    Development Volume IV – (Version 1.0, October 5, 2009)
  • Architecture and Design Considerations for Secure Software
    Development Volume V – (Version 1.3, February 22, 2011)
  • Secure Coding
    Development Volume VI – (Version 1.1, February 22, 2011)

SwA Life Cycle

  • Software Assurance in Education, Training & Certification
    Life Cycle Support Volume I – (Version 2.2, March 16, 2011)

Future SwA Pocket Guides

  • Integrating Security in the Software Development Life Cycle
  • Security Considerations for Technologies, Methodologies & Languages
  • Secure Software Distribution, Deployment, & Operations
  • Code Transparency & Software Labels
  • Assurance Case Management
  • Assurance Process Improvement & Benchmarking
  • Secure Software Environment & Assurance Ecosystem
  • Penetration Testing throughout the Life Cycle
  • Making Software Security Measurable
  • Practical Measurement Framework for SwA & InfoSec
  • SwA Business Case & Return on Investment