U.S. Department of Homeland Security

Software Assurance

About Software Assurance

As part of its Software Assurance Program, DHS sponsors this website and its sister website, Build Security In, to enable greater resilience of cyber assets.

Software is essential to the operation of the Nation’s critical infrastructure. Vulnerabilities in software can jeopardize intellectual property, consumer trust, and business operations and services. A broad spectrum of critical applications and infrastructure, from process control systems to commercial application products, depends on secure, reliable software.

Software assurance (SwA) is the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner (from CNSS 4009 IA Glossary - see Wikipedia for definitions and descriptions).

Why is Software Assurance Critical?

The nation's critical infrastructure (energy, transportation, telecommunications, etc.), businesses, and services are extensively and increasingly controlled and enabled by software. Vulnerabilities in that software put those resources at risk. The risk is compounded by software size and complexity, the use of software produced by unvetted suppliers, and the interdependence of software systems. Software assurance deals with the root of the problem by improving software security.

How is Software Assurance Advancing?

The Software Assurance Forums and Working Groups have provided collaborative venues for stakeholders to share and advance techniques and technologies relevant to software security. SwA Working Groups provide resources and seek ongoing feedback to improve those resources.

Many advances are described in the SwA Landscape, the SwA Ecosystem, and the SwA Market Place.

Software Security Assurance: A State-of-the-Art Report (SOAR) represents an output of collaborative efforts of organizations and individuals in the SwA Forum and working groups. The SOAR provides an overview of the current state of the environment in which software must operate and surveys current and emerging activities and organizations involved in promoting various aspects of software security assurance. The report also describes the variety of techniques and technologies in use in government, industry, and academia for specifying, acquiring, producing, assessing, and deploying software that can, with a justifiable degree of confidence, be said to be secure. The report also presents observations about noteworthy trends in software security assurance as a discipline. Many other SwA resources are provided by the SwA working groups.

Learn more about the background, benefits, and intended outcomes of the SwA Forum and Working Group Sessions.

Read Frequently Asked Questions about the SwA Forum and Working Group Sessions.