Software Assurance (SwA) is about reducing software vulnerabilities, minimizing exploitation, and addressing ways to improve the routine development and deployment of trustworthy software products. Collectively, these activities enable more secure and reliable software that supports mission requirements across enterprises and the critical infrastructure. A major resource for SwA is the Dept. of Homeland Security (DHS) Build Security In web portal.
This topic includes all technical and managerial activities that assure a software product is properly developed and managed, specifically the areas of configuration management, quality assurance, testing, verification and validation (V&V), and security.
Best Practices (1)
- Lessons Learned and Best Practices related to Software Assurance.
FAQs, Glossary, and Acronyms (1)
- Useful resources for finding answers to Frequently Asked Questions (FAQs) and definitions of Software Assurance terms and acronyms.
Literature (1)
- A collection of electronic and hardcopy articles, white papers, books, conference proceedings, journals, and technical reports on Software Assurance.
Configuration Management (10)
- "Configuration Management is a discipline applying technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a configuration item, control changes to those characteristics, record and report change processing and implementation status, and verify compliance with specified requirements." (IEEE Std 610)
CWE/SANS Top 25 Most Dangerous Programming Errors (6)
- The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities.
Software Quality (16)
- A definition of quality should emphasize three important points:
  1. Software requirements are the foundation from which quality is measured. Lack of conformance to requirements is lack of quality.
  2. Specified standards define a set of development criteria that guide the manner in which software is engineered. If the criteria are not followed, lack of quality will almost surely result.
  3. There is a set of implicit requirements that often goes unmentioned (e.g. good maintainability). If software conforms to its explicit requirements but fails to meet implicit requirements, software quality is suspect.
Software Testing (23)
- The purpose of software testing is to assess and evaluate the quality of work performed at each step of the software development process. Although it sometimes seems that way, the purpose of testing is NOT to use up all the remaining budget or schedule resources at the end of a development effort. The goal of testing is to ensure that the software performs as intended, and to improve software quality, reliability and maintainability.
This topic area contains sources for testing tools, information about testing techniques and current research in testing, and links to organizations, experts, events and literature devoted to software testing.
Verification and Validation (10)
- Verification and Validation (V&V) is a series of technical and managerial activities performed by someone other than the developer of a system to improve the quality and reliability of the system and to assure that the developed product satisfies the user's operational needs. Verification is the assurance that the products of a particular development phase are consistent with the requirements of that phase and preceding phase(s), while validation is the assurance that the final product meets system requirements. V&V can be performed by an outside agency, which is referred to as Independent V&V (IV&V), or by a group within the organization other than the developer, referred to as Internal V&V. Use of V&V often accompanies testing, can improve quality assurance, and can reduce risk.