U.S. Department of Homeland Security

Software Assurance

Workforce Education & Training Working Group

Activities

The Workforce Education and Training Working Group has taken its initial steps toward achieving adequate education and training on software security and assurance, including documenting the body of knowledge related to software security. While it has so far mainly affected the US, its scope is worldwide and extends beyond security to assuring other aspects of software systems.

Guide to the Common Body of Knowledge

The working group's first major product has been a body of knowledge for software security titled Software Assurance: A Curriculum Guide to the Common Body of Knowledge to Produce, Acquire, and Sustain Secure Software. The guide was edited by Samuel T. Redwine, Jr. and authored by him and other members of the working group, with the aid of experts from the US and elsewhere.

The Guide identifies the additional body of knowledge necessary to develop, sustain, acquire, and assure secure software beyond that normally required for software where safety and security are not concerns. It can be used to

Draft CBK content is being used by early adopters in graduate level courses in secure coding and in the NDU Information Resource Management College (IRMC) CISO Certificate Program course on software assurance.

As security is now a “normal” software concern, portions of this knowledge have become essential for most individuals and organizations involved in software and related education, training, and governance.

To participate in creating the body of knowledge or to find out more about this effort, download the PDF from the Build Security In Web site.

A backgrounder on the guide is also available.

Software System Security Principles and Guidelines

Version 1.0 of Towards an Organization for Software System Security Principles and Guidelines, by Samuel T. Redwine, Jr., is available.

This report contains an extensive set of software system security principles and guidelines organized in a logical, in-depth fashion. As well as providing coherence, the structure provides grounds for arguing completeness - at least at the higher levels. Historically, principles and guidelines for software system security have originated variously over thirty-plus years, and their authors have tended to provide flat lists occasionally organized topically, by major life-cycle stages, or by the author's judgment of importance. The result was hundreds of items whose relationships to each other were unclear and therefore hard to systematically learn, remember, and teach. This document provides previously lacking coherence and completeness.

This is the first highly organized presentation of such a comprehensive set of principles and guidelines. Its structure emphasizes how they relate to each other. The organization aims to start with the most basic, abstract, or inclusive ones and recursively identify the ones that are logically subordinate to each - generally as parts, partial solutions, or causes of them. Thus, it aims to begin to bring needed coherence and intellectual manageability to the area.