Software Assurance Ecosystem
Turning Challenges into Solutions
The SwA Ecosystem is a formal framework for analysis and exchange of information related to software security and trustworthiness that
- provides a technical environment where formalized claims, arguments, and evidence can be brought together with formalized and abstracted software system representations to support high automation and high fidelity analysis
- is based entirely on international (ISO/IEC/OMG) Open Standards
  - Semantics of Business Vocabulary and Rules (SBVR)
  - Knowledge Discovery Meta-model (KDM)
  - Software Assurance Meta-model (SAM)—work in progress for Assurance Case
    - Software Assurance Evidence Meta-model
    - Software Assurance Claims & Arguments Meta-model
- was architected with a focus on providing fundamental improvements in analysis
Leveraging What We Already Have Through the SwA Ecosystem
- The Software Assurance Ecosystem enables industry and government to leverage and connect existing standards, policies, practices, processes, and tools in an affordable and efficient manner.
- The key enabler is the Software Assurance (SwA) Ecosystem Infrastructure. It is an open standard-based integrated tooling environment that dramatically reduces the cost of software assurance activities.
  - integrates different communities for an SwA solution
    - formal methods
    - reverse engineering
    - static analysis
    - dynamic analysis
  - enables different tool types to interoperate
  - introduces many new vendors to the ecosystem because they each leverage parts of the method/tool chain
For details on leveraging the Software Assurance Ecosystem, including means for integrating SwA within the software development life cycle with control points for Continuous Assurance, see the Object Management Group (OMG) Systems Assurance Task Force at http://sysa.omg.org/.