Mapping the Software Assurance Landscape: A Guide to What’s Going On In the Community Sean Barnum

© 2006 Cigital Inc. All Rights Reserved. 2 So Tell Us About What’s Going On in SwA

© 2006 Cigital Inc. All Rights Reserved. 3 Software Assurance Landscape Paper The landscape paper is intended to:  Draw a somewhat broad picture of the organizations and efforts of the software assurance landscape  Identify and describe various knowledge resources being developed and made available by these efforts  Describe and explore how many of these efforts and knowledge resources are actually mutually supportive, well aligned, and complimentary  Identify gaps and opportunities in the current landscape Structure  Intro & Purpose of Landscape  Brief overview and scoping of “Software Assurance”  Software Assurance State of the Art/Practice Summary  Software Assurance Landscape Index  Software Assurance Domain Summaries  Graphical Representations of Landscape  Software Assurance Knowledge, Activities and Initiatives  Targeted Capabilities  Software Assurance Roadmap

© 2006 Cigital Inc. All Rights Reserved. 4 Landscape Index Objective: Present full list of organizations, activities and knowledge in an organized taxonomy to more easily identify items of interest Key Domains  Communities & Leadership  Developing and Maintaining Software-based Systems  Operation and Maintenance of Systems and Networks  Evaluating, Certifying, Reviewing, and Monitoring Compliance of Software-base Systems  Formalization and Enabling Technologies for Implementing Security Guidelines and Specifications  Research & Development (R&D)  Education  Acquisition & Marketing  Forums, Conferences, Colloquia, Working Groups, etc.

© 2006 Cigital Inc. All Rights Reserved. 5 Domain Summaries & Graphical Representations Domain Summaries Objective: Prose descriptions of each organization, activity and knowledge resource along with explanations of the relationships between them A good place to start Graphical Representations Objective: Present single picture overviews of the interrelationships between elements of a given type Currently complete: Knowledge To be created: Organizations & Activities

© 2006 Cigital Inc. All Rights Reserved. 6 SwA Efforts in Context

© 2006 Cigital Inc. All Rights Reserved. 7 Software Assurance Knowledge, Activities and Initiatives Enumerated list of all of the identified organizations, activities and knowledge Each entry includes:  A very brief description of the element  Links and references to where you can go to learn more  Who is sponsoring or leading  Eventually, descriptions of how this element is related to other elements in the enumeration

© 2006 Cigital Inc. All Rights Reserved. 8 Targeted Capabilities & SwA Roadmap Targeted Capabilities outlines capabilities that the SwA community seeks to achieve with the elements of the landscape This listing helps to establish the beginnings of a framework for identifying gaps in the current landscape SwA Roadmap is intended to link to various specifically actionable roadmaps that may exist for filling identified gaps in the landscape

© 2006 Cigital Inc. All Rights Reserved. 9 Challenges & Future Plans Challenges How tightly to bound the landscape to software assurance Requires many different perspectives (noone knows it all) Gathering adequate details on such a large number and wide variety of organizations, activities and knowledge Keeping landscape current Future Plans Continue to flesh out and revise current content Identify new content and expand Eventually deploy as a website

© 2006 Cigital Inc. All Rights Reserved. 10 Opportunities for Involvement Need your assistance with identifying other relevant topics of interest Need your assistance with identifying other relevant organizations, activities and knowledge Need your assistance with descriptive detail for each organization, activity or knowledge entry Need your perspective on how to make this more valuable Need your assistance in spreading the word To get involved, Sean or Bob