Selecting Metrics for Software Assurance
September 2019 • Podcast
Dr. Carol Woody discusses the selection of metrics for measuring the software assurance of a product as it is developed and delivered to function in a specific system context.
“There are all kinds of things that you could measure. There are all kinds of things you could do. The real question is what’s going to gain you better operational results? In some cases, that’s subjective, but what we have built with previous research is a framework of good software assurance practices.”
Software Engineering Institute
The Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain. The SAF can be used to assess an acquisition program’s current cybersecurity practices and chart a course for improvement, ultimately reducing the cybersecurity risk of deployed, software-reliant systems.
About the Speaker
Dr. Carol Woody has been a senior member of the technical staff since 2001. Currently, she is the technical manager for the Cyber Security Engineering (CSE) team, whose research focuses on meeting the challenges of cyber security in acquisition, system, and software engineering. CSE is building capabilities in defining, acquiring, developing, measuring, managing, and sustaining secure software for highly complex networked systems as well as systems of systems.
Woody is an experienced technical researcher whose work has focused on government agencies, higher education, and medical organizations. She has helped them identify effective security risk management solutions, develop approaches to improve their ability to identify security and survivability requirements, and field software and systems with greater assurance.
As a consultant for ImageWork Technologies Corp., Woody managed the user testing for CITYTIME, a timekeeping application being developed for New York City. She also consulted with the Queens County District Attorney's Office of New York City to design and implement an electronic document management system. New York City's Administration for Child Services chose her to integrate financial information among state, city, and agency financial systems and also to construct a financial data warehouse and implement web-enabled processes for managing social service payments. As project manager at Yale University, Woody served as architect and implementing project manager for an integrated ID card solution, developed technical specifications and assisted users in vendor review and selection for a procurement package, designed and implemented expert system technology for distributed data collection, and managed a team of technicians supporting the financial operations of the university.
Woody holds a PhD in information science from Nova Southeastern University, an MBA from Wake Forest University, and a BS in mathematics from William and Mary.
Contact: Carol Woody