Tools and techniques are emerging that allow us to directly evaluate software artifacts to gain assurance that they are free of exploitable vulnerabilities. This is complementary to the current capability to assess the process used to build the software and the ability to assess the specification and design of security-relevant features (encryption, authentication, etc.). The current ad-hoc use of these direct evaluation tools and techniques results in critical gaps in coverage and inefficiencies. In this paper, we explore an approach to using these tools in a more structured way that aligns with the desire to document an "assurance case" for a particular piece of software. The approach starts with having the user specify a list o...
How do we decide if it is safe to run a given piece of software on our machine? Software used to arr...
Programs often run under strict usage conditions (e.g., license restrictions) that could be broken i...
Evaluating the software assurance of a product as it functions within a specific system context invo...
The goal of our software assurance (SwA) landscape project is to create a usable framework that des...
It is difficult to state whether a certain software product is developed securely enough. An evaluat...
Software assurance refers to the justified confidence that software functions as intended and is fre...
Security metrics for software systems provide quantitative measurement for the degree of tr...
Software security is concerned with the protection of data, facilities and applications from harm th...
With the increasing demand for developing high-quality and more reliable systems, the process of dev...
Today's software is often subject to attacks that exploit vulnerabilities. Since in the area of secu...
This paper proposes an ontology-based approach to analyzing and assessing the security posture for s...
This paper documents the experiences of assurance evaluation during the early stage of a large softw...
This research examines how software specifications could be used to build more-secure software. For ...
Perhaps the greatest challenge Information Technology (IT) professionals face today is providing evi...