Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Dan Shoemaker (University of Detroit Mercy)
September 2015 - Article Model-Based Engineering for Supply Chain Risk Management

Topics: Cybersecurity Engineering, Risk and Opportunity Management, Acquisition Support

Authors: Dan Shoemaker (University of Detroit Mercy), Carol Woody

In this article, the authors discuss how model-based engineering (MBE) offers a means to design, develop, analyze, and maintain a complex system architecture.

May 2014 - Book Chapter Software Assurance

Topics: Cybersecurity Engineering, Software Assurance

Authors: Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy), Carol Woody

In this book chapter, the authors discuss modern principles of software assurance and identify a number of relevant process models, frameworks, and best practices.

December 2013 - White Paper Foundations for Software Assurance

Topics: Cybersecurity Engineering, Software Assurance

Authors: Carol Woody, Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)

In this paper, the authors highlight efforts to address the principles of software assurance and its educational curriculum.

November 2013 - Technical Note Software Assurance Measurement – State of the Practice

Topics: Software Assurance, Measurement and Analysis

Authors: Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead

In this report, the authors describe the current state of the practice and emerging trends in software assurance measurement.

July 2013 - White Paper Teaching Security Requirements Engineering Using SQUARE

Topics: Cybersecurity Engineering, Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead

In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.

July 2013 - White Paper Building Security into the Business Acquisition Process

Topics: Acquisition Support, Cybersecurity Engineering, Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy)

In this paper, Dan Shoemaker presents the standard process for acquiring software products and services in business.

July 2013 - White Paper Finding a Vendor You Can Trust in the Global Marketplace

Topics: Cybersecurity Engineering, Acquisition Support, Software Assurance

Authors: Art Conklin, Dan Shoemaker (University of Detroit Mercy)

In this paper, the authors introduce the concept of standardized third-party certification of supplier process capability.

May 2013 - White Paper Integrating Software Assurance Knowledge into Conventional Curricula

Topics: Cybersecurity Engineering, Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead

In this paper, the authors discuss the results of comparing the Common Body of Knowledge for Secure Software Assurance with traditional computing disciplines.

May 2013 - White Paper Individual Certification of Security Proficiency for Software Professionals: Where Are We? Where Are We Going?

Topics: Cybersecurity Engineering, Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy)

In this paper, Dan Shoemaker describes existing professional certifications in information assurance and emerging certifications for secure software assurance.

May 2013 - White Paper Models for Assessing the Cost and Value of Software Assurance

Authors: Antonio Drommi, Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), John Bailey, Nancy R. Mead

In this paper, the authors present IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes.

May 2013 - White Paper Defining the Discipline of Secure Software Assurance: Initial Findings from the National Software Assurance Repository

Topics: Incident Management

Authors: Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead,

In this paper, the authors characterize the current state of secure software assurance work and suggest future directions.

May 2013 - White Paper The Software Assurance Competency Model: A Roadmap to Enhance Individual Professional Capability

Topics: Acquisition Support, Cybersecurity Engineering, Software Assurance

Authors: Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)

In this paper, the authors describe a software assurance competency model that can be used by professionals to improve their software assurance skills.

May 2013 - White Paper Building a Body of Knowledge for ICT Supply Chain Risk Management

Topics: Acquisition Support, Cybersecurity Engineering, Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead

In this paper, the authors propose a set of Supply Chain Risk Management (SCRM) activities and practices for Information and Communication Technologies (ICT).

May 2013 - White Paper Getting Secure Software Assurance Knowledge into Conventional Practice

Topics: Cybersecurity Engineering, Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy), , Nancy R. Mead

In this paper, the authors describe three educational initiatives in support of software assurance education.

May 2013 - White Paper Two Nationally Sponsored Initiatives for Disseminating Assurance Knowledge

Topics: Cybersecurity Engineering, Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead

In this paper, the authors describe two efforts that support national cybersecurity education goals.

May 2013 - White Paper Foundations for Software Assurance

Topics: Cybersecurity Engineering, Software Assurance

Authors: Carol Woody, Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead

In this paper, the authors highlight efforts underway to address our society's growing dependence on software and the need for effective software assurance.

May 2013 - White Paper It’s a Nice Idea but How Do We Get Anyone to Practice It? A Staged Model for Increasing Organizational Capability in Software Assurance

Topics: Cybersecurity Engineering, Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy)

In this paper, Dan Shoemaker presents a standard approach to increasing the security capability of a typical IT function.

January 2013 - Article Guest Editorial Preface for 2013 Special Issue of the International Journal of Secure Software Engineering

Topics: Cybersecurity Engineering, Software Assurance

Authors: Nancy R. Mead, Ivan Flechais (University of Oxford), Dan Shoemaker (University of Detroit Mercy), Carol Woody

In this preface, the guest editors of this special edition provide a context for the articles that comprise the issue.

January 2013 - Book Chapter Principles and Measurement Models for Software Assurance

Topics: Cybersecurity Engineering, Measurement and Analysis, Software Assurance

Authors: Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy), Carol Woody

In this book chapter, the authors present a measurement model with seven principles that capture the fundamental managerial and technical concerns of development and sustainment.

February 2011 - Technical Note Integrating the Master of Software Assurance Reference Curriculum into the Model Curriculum and Guidelines for Graduate Degree Programs in Information Systems

Topics: Software Assurance

Authors: Dan Shoemaker (University of Detroit Mercy), Nancy R. Mead, Jeff Ingalsbe (University of Detroit Mercy)

In this report, the authors examine how the Master of Software Assurance Reference Curriculum can be used for a Master of Science in Information Systems.

October 2010 - Article Guest Editorial Preface for 2010 Special Issue on Software Security Engineering Education

Topics: Cybersecurity Engineering

Authors: Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)

In this preface, the authors describe the rest of the issue, which discusses how to bring software security education to the mainstream.

April 2009 - Special Report Making the Business Case for Software Assurance

Topics: Cybersecurity Engineering, Software Assurance

Authors: Nancy R. Mead, Julia H. Allen, W. Arthur Conklin, Antonio Drommi, John Harrison, Jeff Ingalsbe (University of Detroit Mercy), James Rainey, Dan Shoemaker (University of Detroit Mercy)

In this report, the authors provide advice for those making a business case for building software assurance into software products during software development.

January 2009 - Book Chapter Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses

Topics: Cybersecurity Engineering

Authors: Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)

In this book chapter, the authors describe methods of incorporating security requirements engineering into software engineering courses and curricula.