The team worked on the following major research projects in 2010, collaborating with researchers in other SEI teams, at CMU, and at other universities and organizations world-wide. For Anand, the goal was to create a platform that made comparison shopping simple, saving future grooms-to-be from the tedious job of inputting the same search parameters across a number of sites, for days and days on end. We're developing customizable frameworks, methods, and techniques that organizations can tailor to their existing software acquisition and engineering practices." "You build the recipe and then someone has to figure out how to cook it in their kitchen. "It's like creating a cookbook," says Carol Woody, technical manager for SSA. If organizations can see it works, there's a better chance they'll implement it. So the SSA team has been developing practical guidelines and techniques and then piloting them to show results that are able to be replicated. Wholesale change is difficult for organizations. Instead, there's a critical need for better integration into the way software is designed and built. One unexpected finding of the team's research is that developing additional practices won't enable more organizations to implement software assurance into their life cycle. Transitioning the results of this research is a critical focus for SSA. A major gap in the security education of software engineers is being addressed through the development of curricula for colleges and universities. The SSA team has developed frameworks, methods, assessments, and tools to support measurements and best practices identified to improve operational security and provide program management the ability to monitor software engineering to ensure effective consideration of security. Engineering software for effective security requires addressing all of these aspects to provide the ability to incorporate security as needed.
For example, Microsoft's own data shows that the patch levels for versions of Windows that were developed after the security "push" are half of what they were for earlier versions. Current approaches for software engineering apply a blend of training, frameworks, methods, tools, assessments, and best practices. With greater security preparation, organizations have seen major reductions in operational vulnerabilities resulting in reductions in software patching. Building security into software requires considerations beyond basic authentication/authorization and mandated operational compliance to identify and address the threat environment in which the resulting operational system must function. The Software Security Assurance (SSA) team focuses on addressing security in the early life-cycle phases of acquisition and software development.