Mission and Vision Statement

Software Assurance For The Acquisition Enterprise

Software Assurance (SwA) is the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.



Why Software Assurance Is Critical to Today's Army: Software continues to take on an increasingly pervasive and essential role in Army systems. Mission Critical Defense Systems (MCDS) built with inadequate security and unknown but critical flaws put military data, operations and sensitive information at significant risk, especially given that most of these systems operate on the Department of Defense Information Networks (DoDIN).

SEC's Software Assurance Mission
Establish a software assurance (SwA) capability throughout Team C4ISR that enables "building security in" with the capacity to deliver software mission assurance.


SEC's Software Assurance Vision
Enable the C4ISR community to implement Software Assurance to secure and improve enterprise and warfighter systems and increase their effectiveness and readiness.

Initiative: Adopt common software assurance throughout a POR's life cycle

Impact:
- Improve operational cybersecurity posture
- Reduce risks (performance, reliability, security) across the life cycle

SEC synchronizes efforts for:

- Workforce Development
Our workforce must be developed to understand what software assurance is and what their role in it is. It is not just the computer engineers and scientists: everyone involved in the acquisition and software development life cycles has a role to play.

- Governance
Establishing and gaining adoption of regulations, instructions, tactics, techniques and procedures at all organizational levels.

- Establishing and Maintaining a SwA Infrastructure
A good software development infrastructure includes tools and capabilities that enhance software assurance. Automated tools are a necessity given the sheer volume of software lines of code; visual inspection cannot be depended on.

A well established and executed SwA program delivers Performance, Readiness, and Security. These are the three pillars of strength that SwA can provide to increase overall Cyber Readiness.





SEC's Software Assurance Process

SEC's process begins when we receive source code from our customer. SEC scans the code with a suite of analysis tools.

SEC's Software Assurance experts analyze the individual findings, in order to determine whether they are true vulnerabilities in the application, and how much risk they introduce.

Based on the analysts' assessment, SEC generates actionable reports for developers and executives, to understand the true risk of systems, and how to remediate issues.

SEC's process can be applied as validation after a development effort, or iteratively during the development process, enabling assurance to be "built into" the software throughout its life cycle.


Why a suite of tools? Research has shown that any one software assurance tool used on its own generally finds less than 30% of the defects in software. By using multiple tools, SEC is able to increase its testing coverage and reduce the residual risk to systems. However, as more tools are used, more findings are identified, so SEC leverages correlation and normalization technology to reduce duplication and generate unified finding lists. This reduces the time required for SEC to perform analysis of systems while ensuring that they have a high level of assurance.
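The correlation and normalization step described above, shown as an added example that is not SEC's own tooling: output from two hypothetical scanners (tool_a and tool_b, with invented field names and constructed sample findings) is mapped onto one common schema, and records that point at the same defect are merged so the unified list shows each defect once, tagged with every tool that found it. The workspace root, the line tolerance and the severity mapping are assumptions for the example.

```python
"""Normalize and correlate findings from several static-analysis tools.

Added example, not SEC's tooling. The two tool formats, their field names
and every finding below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed output from hypothetical "tool_a": relative paths, bare CWE number.
TOOL_A_FINDINGS = [
    {"path": "src/db/query.c", "line_number": 88, "cwe": 89,
     "msg": "SQL statement built from unsanitized input", "severity": "high"},
    {"path": "src/net/parse.c", "line_number": 142, "cwe": 120,
     "msg": "strcpy into fixed-size buffer", "severity": "high"},
    {"path": "src/util/log.c", "line_number": 17, "cwe": 134,
     "msg": "format string taken from argument", "severity": "medium"},
]

# Constructed output from hypothetical "tool_b": absolute paths, "CWE-NNN"
# rule ids, and the query.c defect reported one line later than tool_a.
TOOL_B_FINDINGS = [
    {"file": "/build/ws/src/db/query.c", "line": 89, "rule": "CWE-89",
     "description": "SQL injection", "level": "error"},
    {"file": "/build/ws/src/net/parse.c", "line": 142, "rule": "CWE-120",
     "description": "Buffer overflow", "level": "error"},
    {"file": "/build/ws/src/crypto/rand.c", "line": 33, "rule": "CWE-338",
     "description": "Weak PRNG", "level": "warning"},
]

WORKSPACE_ROOT = "/build/ws/"  # assumed checkout root that tool_b prefixes paths with
LINE_TOLERANCE = 2             # assumed: tools often disagree by a line or two
SEVERITY_MAP = {"high": "high", "error": "high", "medium": "medium",
                "warning": "medium", "low": "low", "info": "low"}
RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    """Common schema every tool's output is mapped onto."""
    path: str            # relative to the source tree root
    line: int
    cwe: int
    message: str
    severity: str        # normalized to low / medium / high
    tools: set[str] = field(default_factory=set)


def _norm_path(p: str) -> str:
    return p[len(WORKSPACE_ROOT):] if p.startswith(WORKSPACE_ROOT) else p


def _norm_cwe(value) -> int:
    """Accept 89, "89" or "CWE-89" and return the integer CWE id."""
    m = re.search(r"(\d+)", str(value))
    if not m:
        raise ValueError(f"unrecognized CWE value: {value!r}")
    return int(m.group(1))


def from_tool_a(raw: dict) -> Finding:
    return Finding(_norm_path(raw["path"]), raw["line_number"], _norm_cwe(raw["cwe"]),
                   raw["msg"], SEVERITY_MAP[raw["severity"]], {"tool_a"})


def from_tool_b(raw: dict) -> Finding:
    return Finding(_norm_path(raw["file"]), raw["line"], _norm_cwe(raw["rule"]),
                   raw["description"], SEVERITY_MAP[raw["level"]], {"tool_b"})


def correlate(findings: list[Finding]) -> list[Finding]:
    """Merge findings that describe the same defect.

    Two findings are one defect when they share path and CWE and their lines
    differ by at most LINE_TOLERANCE. The merged record keeps the earliest
    line, the highest severity, and the union of the tools that reported it.
    """
    merged: list[Finding] = []
    for f in sorted(findings, key=lambda x: (x.path, x.cwe, x.line)):
        for m in merged:
            if m.path == f.path and m.cwe == f.cwe and abs(m.line - f.line) <= LINE_TOLERANCE:
                m.tools |= f.tools
                if RANK[f.severity] > RANK[m.severity]:
                    m.severity = f.severity
                break
        else:
            merged.append(Finding(f.path, f.line, f.cwe, f.message, f.severity, set(f.tools)))
    return merged


def unified_findings() -> list[Finding]:
    raw = [from_tool_a(r) for r in TOOL_A_FINDINGS] + [from_tool_b(r) for r in TOOL_B_FINDINGS]
    return correlate(raw)


def summary(findings: list[Finding]) -> dict:
    """Counts for the report: raw records in, unique defects out, corroboration."""
    per_tool: dict[str, int] = {}
    for f in findings:
        for t in f.tools:
            per_tool[t] = per_tool.get(t, 0) + 1
    return {
        "raw": sum(len(f.tools) for f in findings),   # one raw record per tool per defect
        "unique": len(findings),
        "corroborated": sum(1 for f in findings if len(f.tools) > 1),
        "single_tool": sum(1 for f in findings if len(f.tools) == 1),
        "per_tool": per_tool,
    }


if __name__ == "__main__":
    unified = unified_findings()
    for f in sorted(unified, key=lambda x: -RANK[x.severity]):
        print(f"{f.severity:6} CWE-{f.cwe:<4} {f.path}:{f.line}  [{', '.join(sorted(f.tools))}]")
    print(summary(unified))
```

Findings reported by more than one tool are a natural first target for analyst triage, since independent corroboration raises the likelihood of a true positive; findings seen by only one tool are the concrete evidence behind the coverage argument above, as each tool misses defects the other catches.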