Accession Number:

AD1083906

Title:

DoD Developer's Guidebook for Software Assurance

Descriptive Note:

Technical Report

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States

Report Date:

2018-12-01

Pagination or Media Count:

111.0

Abstract:

Software assurance refers to the justified confidence that software functions as intended and is free of vulnerabilities throughout the product lifecycle. While free of vulnerabilities is the ideal, in practice the objective is to manage the risk associated with vulnerabilities. To that end, this guidebook helps software developers understand expectations for software assurance. Because developers need to be aware of the regulatory background in which their projects operate, the guide-book summarizes standards and requirements that affect software assurance decisions and provides pointers to key resources that developers should consult. The State-of-the-Art Resources SOAR for Software Vulnerability Detection, Test, and Evaluation report is particularly valuable for developers creating software for the Department of Defense, so the guidebook includes a summary of the report and its approach for selecting tools. It provides a bottom-up approach to tool selection, considering what activities and tools are typically appropriate at different stages of the development or product lifecycle. It also includes guidance for special lifecycle considerations, such as new development and system reengineering. Metrics that may be useful in selecting and applying tools or techniques during development are also discussed. Finally, special sections are devoted to assurance in software sustainment and software acquisition.

Subject Categories:

  • Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE