Software Assurance Guidance and Evaluation (SAGE) Tool

reportActive / Technical Report | Accesssion Number: AD1174686 | Open PDF

Abstract:

The Software Assurance (SwA) Evaluation was developed by the Carnegie Mellon University Software Engineering Institute (SEI) to assess systems development and operations practices and to identify potential vulnerabilities and opportunities to improve and secure processes. The creation of the Software Assurance Guidance and Evaluation (SAGE) tool required a thorough analysis of the most popular standards and frameworks for software assurance, secure coding, Agile, and secure DevOps, used both in industry and government settings. As a result of this analysis, both the questions and the provided guidance draw from modern practices used in software design, development, test, and operation. The appendix contains a list of some of the standards and frameworks used in the elaboration of this tool.

Author(s):
Antunes, Luiz L. ; Mcneil, Ebonie ; Schiela, Robert B. ; Yasar, Hasan
Author Organization(s):
CARNEGIE-MELLON UNIV PITTSBURGH PA
Funding Organization(s):
AIR FORCE LIFE CYCLE MANAGEMENT CENTER HANSCOM AFB MA, HANSCOM AFB , MA
Document Type:
Technical Report/Technical Report
Publication Date:
2021 May 01
Pagination:
46

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:
A - Approved For Public Release
Distribution Statement: Public Release

RECORD

Collection: TRECMS
Identifying Numbers
Contract Number(s):
FA8702-15-D-0002
Subject Terms
Modernization Areas:
Microelectronics
Communities of Interest:
Cyber
Descriptor(s):
computer programming, computer programs, software development, software design, information systems, national security, software testing, failure mode and effect analysis, risk analysis, computers, test and evaluation, intrusion detection, lessons learned, risk, risk management, systems engineering, vulnerability
Subject Categories:
Mathematical and Computer Sciences
Creation Date:
2022 Jul 20
Update Date:
2022 Sep 07