Supplementary Materials for Software Assurance Curricula

• This collection of supplementary materials and references is intended to help organizations use SEI Software Assurance Curricula in academic settings or workforce development efforts.

  Workforce Development for Software Assurance

  The Roadmap to Software Assurance Competency can help your organization initiate the use of software assurance competencies.

  The SEI developed the Software Assurance Competency Model to create a foundation for assessing and advancing the capability of software assurance professionals. Endorsed by IEEE Computer Society, this model helps organizations and individuals determine their SwA competency across a range of knowledge areas and units. It provides a span of competency levels 1 through 5 as well as a decomposition into individual competencies based on knowledge and skills. It is a framework that an organization can adapt to its particular domain, culture, or structure.

  On July 5, 2014, the Software and Systems Engineering Committee of the IEEE Computer Society Professional Activities Board (PAB) endorsed the SEI Software Assurance Competency Model as being both appropriate for software assurance roles and consistent with A Framework for PAB Competency Models.

  Supplementary Materials

  These are donated materials that could supplement a variety of software assurance courses at various academic levels or in workforce development.

  • SQUARE Instructional Materials
  • Software Security Engineering Course

  Insider Threat

  • CERT Insider Threat Program Manager Certificate
  • CERT Insider Threat Vulnerability Assessor Certificate

  Secure Programming

  • CERT Secure Coding in C and C++ Professional Certificate
  • CERT Secure Coding in Java Professional Certificate

  Secure Software Management Course

  Secure Software Design and Programming Course

  These course materials, developed by David A. Wheeler for his Secure Software Design and Programming graduate course (SWE-681/ISA-681) at George Mason University, include presentations (available under the Creative Commons CC-BY-SA license) and a book.

  Static Analysis for Software Quality Seminar

  Case Studies

  Altran Praxis developed a case study for the National Security Agency that demonstrates correct software by construction using formal specification and verification. With the proper tools (which are available to academic users for free), you can compile and execute the implementation, which uses a subset of Ada. In addition, you can use the verification tools to check the formal proofs. For more information, go to the Altran Praxis website.

• Software Assurance Competency Model March 2013 Author(s): Thomas B. Hilburn (Embry-Riddle Aeronautical University), Mark A. Ardis (Stevens Institute of Technology), Glenn Johnson ((ISC)2), Andrew J. Kornecki (Embry-Riddle Aeronautical University), Nancy R. Mead In this report, the authors describe a model that helps create a foundation for assessing and advancing the capability of software assurance professionals.
• Roadmap to Software Assurance Competency September 2013 Author(s): This white paper describes the Software Assurance (SwA) Core Body of Knowledge and SwA competency levels.
• SQUARE Instructional Materials October 2013 Author(s): SQUARE instructional materials are designed for teaching the SQUARE method.
• Insider Threat Program Manager Certificate May 2014 Author(s): CERT Insider Threat Center This brochure summarizes the CERT Insider Threat Center's Insider Threat Program Manager certificate program.
• Insider Threat Vulnerability Assessor Certificate May 2014 Author(s): CERT Insider Threat Center This brochure summarizes the CERT Insider Threat Center's Insider Threat Vulnerability Assessor certificate program.
• CERT Secure Coding in C and C++ Professional Certificate June 2016 Author(s): This certificate program helps you find and fix C++ coding errors early in the software development lifecycle.
• CERT Secure Coding in Java Professional Certificate June 2016 Author(s): This certificate program helps you find and fix Java coding errors early in the software development lifecycle.
• The Software Assurance Competency Model: A Roadmap to Enhance Individual Professional Capability May 2013 Author(s): Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy) In this paper, the authors describe a software assurance competency model that can be used by professionals to improve their software assurance skills.