Entries Tagged as 'Software Assurance '

Heartbleed and Goto Fail: Two Case Studies for Predicting Software Assurance Using Quality and Reliability Measures

Measurement & Analysis , Software Assurance 1 Comment »

By Carol Woody
Technical Manager of the Cybersecurity Engineering Team
CERT Division

This post was co-authored by Bill Nichols.

Carol Woody Mitre’s Top 25 Most Dangerous Software Errors is a list that details quality problems, as well as security problems. This list aims to help software developers “prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped.” These vulnerabilities often result in software that does not function as intended, presenting an opportunity for attackers to compromise a system. This blog post highlights our research in examining techniques used for addressing software defects in general and how those can be applied to improve security detection and management.

Read more...

Resilience, Metrics, Sustainment, and Software Assurance – The Latest Research from the SEI

Resilience Management Model (RMM) , Software Assurance No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. SchmidtAs part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in resilience, metrics, sustainment, and software assurance. This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

Software Assurance, Social Networking Tools, Insider Threat, and Risk Analysis—The Latest Research from the SEI

Insider Threat , Insider Threat Patterns , Software Assurance No Comments »

By Douglas C. Schmidt
Principal Researcher

Douglas C. Schmidt As part of an ongoing effort to keep you informed about our latest work, I would like to let you know about some recently published SEI technical reports and notes. These reports highlight the latest work of SEI technologists in software assurance, social networking tools, insider threat, and the Security Engineering Risk Analysis Framework (SERA). This post includes a listing of each report, author(s), and links where the published reports can be accessed on the SEI website.

Read more...

Data Analytics for Open Source Software Assessment

Emerging Technologies , Open Source Software , Software Assurance , Software Quality No Comments »

By Kate Ambrose Sereno
Technical Analyst
SEI Emerging Technology Center

This post was co-authored by Naomi Anderson

Kate Ambrose-SerenoIn 2012, the White House released its federal digital strategy. What’s noteworthy about this release is that the executive office distributed the strategy using Bootstrap, an open source software (OSS) tool developed by Twitter and made freely available to the public via the code hosting site GitHub. This is not the only evidence that we have seen of increased government interest in OSS adoption. Indeed, the 2013 report The Future of Open Source Software revealed that 34 percent of its respondents were government entities using OSS products. The Carnegie Mellon University Software Engineering Institute (SEI) has seen increased interest and adoption of OSS products across the federal government, including the Department of Defense (DoD), the intelligence community (IC), and the Department of Homeland Security. The catalyst for this increase has been innovators in government seeking creative solutions to rapidly field urgently needed technologies. While the rise of OSS adoption signals a new approach for government acquirers, it is not without risks that that must be acknowledged and addressed, particularly given current certification and accreditation (C&A) techniques. This blog post will discuss research aimed at developing adoptable, evidence-based, data-driven approaches to evaluating (open source) software.

Read more...

A Strategic Approach to Software Assurance

Software Assurance No Comments »

By Mike McLendon,
Associate Director
Software Solutions Division

Mike McLendonSoftware is the principal, enabling means for delivering system and warfighter performance across a spectrum of Department of Defense (DoD) capabilities. These capabilities span the spectrum of mission-essential business systems to mission-critical command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) systems to complex weapon systems. Many of these systems now operate interdependently in a complex net-centric and cyber environment. The pace of technological change continues to evolve along with the almost total system reliance on software. This blog posting examines the various challenges that the DoD faces in implementing software assurance and suggests strategies for an enterprise-wide approach.

Read more...