The cyber security engineering team focuses on research and education to help acquirers, managers, developers, and operators of large-scale, complex, networked systems address security and survivability throughout the development and acquisition life cycles, especially in the early stages. Realizing how difficult it is for organizations to change development approaches, the team has created methods and solutions that can be integrated into existing practices. When security is built into software from the ground up, software is more resistant to attacks. Learn more about how organizations benefit from focusing on security in the early stages of the software development life cycle.
The team is also working on the software assurance curriculum, an important project to prepare the next generation of software security experts.
Solutions for Software Engineers
Software assurance is more than checking off boxes for compliance, but many software engineers don’t fully understand what it is or know how to start addressing it. Click on the graphic below to learn more about how our work in the following areas can help you understand and implement software assurance.
- Security Quality Requirements Engineering (SQUARE): Learn how to build security into the early stages of the production cycle through this nine-step process. Tools are available that adapt the SQUARE process to consider privacy requirements (P-SQUARE) and acquisition (A-SQUARE).
- Supply Chain Assurance: Learn how you can reduce risk from software defects while leveraging the significant opportunities afforded by supply chains. These defects can not only lead to unexpected behaviors and system failures but also attacks through software vulnerabilities.
- Software Security Assurance Measurement and Analysis: Learn how to establish, specific, and measure justified confidence that a software-reliant product is sufficiently secure to meet operational needs.
- Survivability Analysis Framework (SAF): Learn how to analyze complexity and integration issues throughout the development life cycle to ensure that development is proceeding as planned and how to link security decisions to mission-critical needs.
- Complexity Modeling and Analysis: Learn how modeling can offer a viable, reasoned way to describe problem complexity within the security assurance ecosystem and with sufficient insight to identify opportunities for real improvement.
The demand for skilled professionals who can build security and correct functionality into software development is rapidly increasing. Recognizing this demand, we are collaborating with educators on a software assurance curriculum and other educational materials for undergraduate, graduate, and college levels.
