| Software Assurance Curriculum Project Volume 3: Master of Software Assurance Course Syllabi |
Jul 2011 |
117 pages |
| Authors:
Nancy R Mead; Julia H Allen; Mark Ardis; Thomas B Hilburn; Andrew J Kornecki; Richard C Linger; CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
|
 | Modern society depends on software systems of ever-increasing scope and complexity in virtually every sphere of human activity, including business, finance, energy, transportation, education, communication, government, and defense. Because the consequences of failure can be severe, dependable functionality and security are essential. As a result, software assurance is emerging as an important discipline for the development, acquisition, and operation of software systems and services that provide requisite levels of dependability ... |
|
| Integrating the Master of Software Assurance Reference Curriculum into the Model Curriculum and Guidelines for Graduate Degree Programs in Information Systems |
Feb 2011 |
31 pages |
| Authors:
Dan Shoemaker; Nancy R Mead; Jeff Ingalsbe; CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
|
| Training personnel to assure the secure development, sustainment, and acquisition of software code is a national priority. However, in the secure software domain, there is no single, commonly accepted point of reference to direct software assurance education and training. In response to this problem, the CERT(Registered Trademark) Program at Carnegie Mellon University's Software Engineering Institute recently led the development of a Master of Software Assurance (MSwA) Reference Curriculum. This report ... |
|
| CrossTalk: The Journal of Defense Software Engineering. Volume 23, Number 5, September/October 2010 |
Oct 2010 |
33 pages |
| Authors:
Kasey Thompson; Yannick Moy; Robert J Ellison; Thomas A Augustine; Robin A Gandhi; Sean Barnum; Nancy R Mead; Drew Brown; Chelene Fortier-Lozancich; 517 SOFTWARE MAINTENANCE SQUADRON HILL AFB UT
|
| CrossTalk,The Journal of Defense Software Engineering is co-sponsored by the Office of the Secretary of Defense (OSD) Acquisition, Technology and Logistics (AT&L); U.S. Navy (USN); U.S. Air Force (USAF); and the U.S. Department of Homeland Security (DHS). OSD (AT&L) co-sponsor: Software Engineering and System Assurance. USN co-sponsor: Naval Air Systems Command. USAF co-sponsor: Ogden-ALC 309 SMXG. DHS co-sponsor: National Cybersecurity Division in the National Protection and Programs Directorate. The USAF ... |
|
| Building Assured Systems Framework |
Sep 2010 |
|
| Authors:
Nancy R Mead; Julia H Allen; CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
|
 | Researchers at the CERT (trademark) Program, part of Carnegie Mellon University's Software Engineering Institute, need a framework to organize research and practice areas focused on building assured systems. The Building Assured Systems Framework (BASF) addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems. After reviewing existing life-cycle process models, security models, and security research frameworks, the authors used the Master of Software ... |
|
| Software Assurance Curriculum Project Volume 2: Undergraduate Course Outlines |
Aug 2010 |
|
| Authors:
Nancy R Mead; Thomas B Hilburn; Richard C Linger; CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
|
| Modern society depends on software systems of ever-increasing scope and complexity. Virtually every sphere of human activity is impacted by these systems, from social interaction in our personal lives to business, energy, transportation, education, communication, government, and defense. Because the consequences of failure can be severe, dependable functionality and security are essential. As a result, software assurance is emerging as an important discipline for the development, acquisition, and operation of ... |
|
| Software Assurance Curriculum Project Volume 1: Master of Software Assurance Reference Curriculum |
Aug 2010 |
|
| Authors:
Nancy R Mead; Julia H Allen; Mark Ardis; Thomas B Hilburn; Andrew J Kornecki; Richard Linger; James McDonald; CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
|
| Modern society depends on software systems of ever-increasing scope and complexity in virtually every sphere of human activity, including business, finance, energy, transportation, education, communication, government, and defense. Because the consequences of failure can be severe, dependable functionality and security are essential. As a result, software assurance is emerging as an important discipline for the development, acquisition, and operation of software systems and services that provide requisite levels of dependability ... |
|
| Crosstalk: The Journal of Defense Software Engineering. Volume 22, Number 3 |
Apr-2009 |
33 pages |
| Authors:
Kasey Thompson; Arlene F Minkiewicz; Lew Priven; Roger Stewart; Paul E Black; John Morley; John Klein; William G Wood; Michael Gagliardi; D T Rao; Jeffrey A Ingalsbe; Dan Shoemaker; Nancy R Mead; Katherine Baxter; SOFTWARE TECHNOLOGY SUPPORT CENTER HILL AFB UT
|
| We all have been taught sound practices since childhood. Remember the ol' dental mantra of don't forget to brush your teeth after each meal? Those instructions were soon augmented with a warning that brushing alone was not enough, and that flossing and regular check-ups were needed to reinforce brushing and prevent the development of dental maladies. Our experience with these routines over our lifetime confirms the worth of reinforcing good, ... |
|
| Making the Business Case for Software Assurance |
Apr-2009 |
|
| Authors:
John Harrison; Nancy R Mead; Dan Shoemaker; Julia H Allen; W A Conklin; Antonio Drommi; Jeff Ingalsbe; James Rainey; CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
|
| This report provides guidance for those who want to make the business case for building software assurance into software products during each software development life-cycle activity. The business case defends the value of making additional efforts to ensure that software has minimal security risks when it is released and shows that those efforts are most cost-effective when they are made appropriately throughout the development life cycle. Although there is no ... |
|
| CrossTalk: The Journal of Defense Software Engineering. Volume 21, Number 1 |
01-Jan-2008 |
33 pages |
| Authors:
Lyle N Long; Robert B Dewar; Lew Priven; Roger Stewart; Christopher Bohn; Jeffrey A Ingalsbe; Dan Shoemaker; Nancy R Mead; Rayford B Vaughn; Jeffrey C Carver; Lulu He; Edmond Schonberg; SOFTWARE TECHNOLOGY SUPPORT CENTER HILL AFB UT
|
| CONTENTS: 1) The Critical Need for Software Engineering Education by Dr. Lyle N. Long: Long describes the need for more dedicated software engineering educational programs and professional software engineering certification programs in the United States. 2) Using Inspections to Teach Requirements Validation by Lulu He, Dr. Jeffrey C. Carver, and Dr. Rayford B. Vaughn: This article describes an experiment conducted in a graduate-level requirements engineering course to provide students a ... |
|
| Experiences in Eliciting Security Requirements |
01-Dec-2006 |
|
| Authors:
Nancy R Mead; CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
|
| There are many requirements elicitation methods, but we seldom see elicitation performed specifically for security requirements. One reason for this is that few elicitation methods are specifically directed at security requirements. Another factor is that organizations seldom address security requirements elicitation specifically and instead lump them in with other traditional requirements elicitation methods. This article describes an approach for doing trade-off analysis among requirements elicitation methods. Several case studies were ... |
|
| CrossTalk: The Journal of Defense Software Engineering. Volume 18, Number 10 |
01-Oct-2005 |
33 pages |
| Authors:
Gary M McGraw; Jim Alves-Foss; Paul W Oman; Nadine Hanebutte; W S Harrison; Steven Hofmeyr; Linda Ibrahim; Ronda R Henning; Samuel T Jr; Redwine; Nancy R Mead; Alec Main; SOFTWARE TECHNOLOGY SUPPORT CENTER HILL AFB UT
|
| "Engineering Security Into the Software Development Life Cycle," by Gary M. McGraw and Nancy R. Mead -- The Build Security In Software Assurance Initiative promotes less vulnerable software with security built in from the start. "Creating a Software Assurance Body of Knowledge," by Samuel T. Redwine Jr. -- This article presents an initiative to assemble the knowledge to acquire, develop, and sustain secure software with functionality. "Designing for Disaster: Building ... |
|
Reports by Author
