Mapping the Software Assurance Landscape:
A Guide to What’s Going On In the Community
Sean Barnum
2 © 2006 Cigital Inc. All Rights Reserved.
So Tell Us About What’s Going On in SwA
Software Assurance Landscape Paper
The landscape paper is intended to:
Draw a somewhat broad picture of the organizations and efforts of the software assurance landscape
Identify and describe various knowledge resources being developed and made available by these efforts
Describe and explore how many of these efforts and knowledge resources are actually mutually supportive, well aligned, and complementary
Identify gaps and opportunities in the current landscape
Structure
Intro & Purpose of Landscape
Brief overview and scoping of “Software Assurance”
Software Assurance State of the Art/Practice Summary
Software Assurance Landscape Index
Software Assurance Domain Summaries
Graphical Representations of Landscape
Software Assurance Knowledge, Activities and Initiatives
Targeted Capabilities
Software Assurance Roadmap
Landscape Index
Objective: Present full list of organizations, activities and knowledge in an organized taxonomy to more easily identify items of interest
Key Domains
Communities & Leadership
Developing and Maintaining Software-based Systems
Operation and Maintenance of Systems and Networks
Evaluating, Certifying, Reviewing, and Monitoring Compliance of Software-based Systems
Formalization and Enabling Technologies for Implementing Security Guidelines and Specifications
Research & Development (R&D)
Education
Acquisition & Marketing
Forums, Conferences, Colloquia, Working Groups, etc.
Domain Summaries & Graphical Representations
Domain Summaries
Objective: Prose descriptions of each organization, activity and knowledge resource along with explanations of the relationships between them
A good place to start
Graphical Representations
Objective: Present single picture overviews of the interrelationships between elements of a given type
Currently complete: Knowledge
To be created: Organizations & Activities
SwA Efforts in Context
Software Assurance Knowledge, Activities and Initiatives
Enumerated list of all of the identified organizations, activities and knowledge
Each entry includes:
A very brief description of the element
Links and references to where you can go to learn more
Who is sponsoring or leading
Eventually, descriptions of how this element is related to other elements in the enumeration
Targeted Capabilities & SwA Roadmap
Targeted Capabilities outlines capabilities that the SwA community seeks to achieve with the elements of the landscape
This listing helps to establish the beginnings of a framework for identifying gaps in the current landscape
SwA Roadmap is intended to link to various specifically actionable roadmaps that may exist for filling identified gaps in the landscape
Challenges & Future Plans
Challenges
How tightly to bound the landscape to software assurance
Requires many different perspectives (no one knows it all)
Gathering adequate details on such a large number and wide variety of organizations, activities and knowledge
Keeping landscape current
Future Plans
Continue to flesh out and revise current content
Identify new content and expand
Eventually deploy as a website
Opportunities for Involvement
Need your assistance with identifying other relevant topics of interest
Need your assistance with identifying other relevant organizations, activities and knowledge
Need your assistance with descriptive detail for each organization, activity or knowledge entry
Need your perspective on how to make this more valuable
Need your assistance in spreading the word
To get involved, email Sean ([email protected]) or Bob ([email protected])