View The Document

Accession Number:

AD1098234

Title:

Evidence of Assurance: Laying the Foundation for a Credible Security Case

Personal Author(s):

Weinstock,Charles B.

Lipson,Howard F.

Corporate Author:

Carnegie Mellon University Pittsburgh United States

Report Date:

2013-08-01

Abstract:

A security case bears considerable resemblance to a legal case, and demonstrates that security claims about a given system are valid. Persuasive argumentation plays a major role, but the credibility of the arguments and of the security case itself ultimately rests on a foundation of evidence. This article describes and gives examples of several of the kinds of evidence that can contribute to a security case. Our main focus is on how to understand, gather, and generate the kinds of evidence that can build a strong foundation for a credible security case.

Descriptive Note:

Technical Report

Pages:

0025

Descriptors:

software development

software testing

computer programming

security

standards

software assurance

Subject Categories:

Computer Programming and Software

Communities Of Interest:

Engineered Resilient Systems

Modernization Areas:

Cyber

Distribution Statement:

Approved For Public Release;

Contract Number:

FA8721-05-C-0003

File Size:

0.23MB

View The Document