Topics: Cybersecurity Engineering, Software Assurance
Presents a hybrid method of threat modeling that attempts to meld the desirable features of three methods: Security Cards, Persona non Grata, and STRIDE.
Topics: Malware Analysis, Vulnerability Analysis
This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws.
This panel discussed programs designed to meet the growing need for software assurance professionals.
Topics: Cybersecurity Engineering
In this presentation, Nancy Mead explains how malware analysis can be used effectively to identify otherwise overlooked security requirements.
Watch Nancy Mead in this SEI Cyber Minute as she discusses "Cyber Security Engineering."
Topics: Cybersecurity Engineering
In this podcast Nancy Mead and Carol Woody discuss their new book, Cyber Security Engineering: A Practical Approach for Systems and Software Assurance, which introduces a set of seven principles for software assurance.
Topics: Software Architecture
Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody present the latest practical knowledge and case studies.
Topics: Cybersecurity Engineering
This podcast is the first in a series highlighting interviews with SEI Fellows.
Topics: Malware Analysis, Software Assurance
This report presents instructions for using the Malware-driven Overlooked Requirements (MORE) website applications.
Topics: Workforce Development, Performance and Dependability
This podcast, featuring an interview with Dr. Nancy Mead, is the first in a series highlighting interviews with SEI Fellows.
Topics: Software Assurance
In this podcast, Nancy Mead discusses how, with support from the Department of Homeland Security, SEI researchers developed software assurance curricula and programs for graduate, undergraduate, and community colleges.
Topics: Software Assurance, Cybersecurity Engineering
In this paper, the authors propose to improve how security requirements are identified.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead describes a panel session that explored strategies for industry/university collaboration in software engineering education.
Topics: Software Assurance, Cybersecurity Engineering
In this article, the authors propose to enhance software development lifecycle models by implementing a process for including use cases based on previous cyberattacks.
Topics: Cybersecurity Engineering, Malware Analysis
This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system.
Topics: Measurement and Analysis
The tutorial presents the traditional KJ method for eliciting unstated user needs and extensions made to allow KJ to be used in a virtual environment.
Topics: Cybersecurity Engineering
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
Topics: Cybersecurity Engineering, Software Assurance
In this book chapter, the authors discuss modern principles of software assurance and identify a number of relevant process models, frameworks, and best practices.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors highlight efforts to address the principles of software assurance and its educational curriculum.
Topics: Software Assurance, Measurement and Analysis
In this report, the authors describe the current state of the practice and emerging trends in software assurance measurement.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors provide background information on penetration testing processes and practices.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors present an overview of the Master of Software Assurance curriculum, including its history, student prerequisites, and outcomes.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors describe the work of the Master of Software Assurance curriculum project, including sources, process, products, and more.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead describes a tradeoff analysis that can select a suitable requirements prioritization method and the results of trying one method.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead describes a tradeoff analysis that can be used to select a suitable requirements elicitation method.
In this paper, Nancy Mead discusses how Common Criteria is evaluated and presents a standard related to developing security requirements.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead describes a measurement approach to security requirements engineering to analyze projects that were developed with and without SQUARE.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors discuss the results of comparing the Common Body of Knowledge for Secure Software Assurance with traditional computing disciplines.
In this paper, the authors present IT valuation models that represent the most commonly accepted approaches to the valuation of IT and IT processes.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead provides a bibliography of sources related to requirements engineering.
Topics: Incident Management
In this paper, the authors characterize the current state of secure software assurance work and suggest future directions.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead provides an overview of the Business Case content area.
Topics: Acquisition Support, Cybersecurity Engineering, Software Assurance
In this paper, the authors describe a software assurance competency model that can be used by professionals to improve their software assurance skills.
Topics: Acquisition Support, Cybersecurity Engineering, Software Assurance
In this paper, the authors propose a set of Supply Chain Risk Management (SCRM) activities and practices for Information and Communication Technologies (ICT).
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead discusses the growing demand for skilled professionals who can build security and correct functionality into software.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors describe three educational initiatives in support of software assurance education.
Topics: Cybersecurity Engineering, Software Assurance
In this article, the authors demonstrate how a true cost/benefit for secure software can be derived.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors describe two efforts that support national cybersecurity education goals.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, the authors highlight efforts underway to address our society's growing dependence on software and the need for effective software assurance.
Topics: Cybersecurity Engineering, Software Assurance
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead discusses elicitation methods and the kind of tradeoff analysis that can be done to select a suitable one.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead discusses using a systematic prioritization approach to prioritize security requirements.
In this paper, the authors introduce a novel optimization method based on integer programming (IP).
Topics: Cybersecurity Engineering, Software Assurance
In this report, the authors describe a model that helps create a foundation for assessing and advancing the capability of software assurance professionals.
Topics: Cybersecurity Engineering, Software Assurance
In this preface, the guest editors of this special edition provide a context for the articles that comprise the issue.
Topics: Cybersecurity Engineering, Measurement and Analysis, Software Assurance
In this book chapter, the authors present a measurement model with seven principles that capture the fundamental managerial and technical concerns of development and sustainment.
Topics: Cybersecurity Engineering, Software Assurance
This course focuses on fundamental concepts, methods, and practices for developing secure software systems.
Topics: Cybersecurity Engineering
In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
Topics: Software Assurance
In this report, the authors focus on community college courses for software assurance.
Topics: Cybersecurity Engineering, Software Assurance
In this report, the authors provide the master bibliography that is used with the software assurance curriculum.
Topics: Cybersecurity Engineering, Software Assurance
In this report, the authors provide sample syllabi for the nine core courses in the Master of Software Assurance Reference Curriculum.
Topics: Software Assurance
In this report, the authors examine how the Master of Software Assurance Reference Curriculum can be used for a Master of Science in Information Systems.
Topics: Workforce Development
In this podcast, participants explain how knowledge about software assurance is essential to ensure that complex systems function as intended.
Topics: Cybersecurity Engineering
In this article, the authors summarize the Master of Software Assurance curriculum project, including its history, outcomes, a core body of knowledge, and curriculum architecture.
Topics: Cybersecurity Engineering
In this preface, the authors describe the rest of the issue, which discusses how to bring software security education to the mainstream.
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
This report presents the Building Assured Systems Framework (BASF) that addresses the customer and researcher challenges of selecting security methods and research approaches for building assured systems.
Topics: Cybersecurity Engineering, Software Assurance
In this report, the authors present a master of software assurance curriculum that educational institutions can use to create a degree program or track.
Topics: Cybersecurity Engineering, Software Assurance
In this report, the authors describe seven courses for an undergraduate curriculum specialization for software assurance.
Topics: Cybersecurity Engineering, Software Assurance
In this paper, Nancy Mead describes how a systematic approach to security requirements engineering helps to avoid problems.
Topics: Cyber Risk and Resilience Management
In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
Topics: Cybersecurity Engineering
In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
In this workshop, software assurance education is introduced to faculty who are interested in adding these concepts to existing and new educational programs.
Topics: Cybersecurity Engineering
In this report, the authors describe enhancements to the SQUARE method for addressing privacy requirements.
Topics: Cyber Risk and Resilience Management
In this 2009 webinar, Nancy Mead provides an overview of the CERT SQUARE process, and discusses current activities and plans.
Topics: Cybersecurity Engineering, Software Assurance
In this report, the authors provide advice for those making a business case for building software assurance into software products during software development.
Topics: Cybersecurity Engineering
In this book chapter, the authors describe methods of incorporating security requirements engineering into software engineering courses and curricula.
Topics: Cybersecurity Engineering
In this book chapter, Nancy Mead describes issues in developing security requirements and useful methods for doing so, including details of the SQUARE method.
Topics: Software Assurance
In this podcast, Nancy Mead explains that during requirements engineering, software engineers need to think about how software should behave when under attack.
Topics: Cyber Risk and Resilience Management
In this 2008 report, the authors describe SQUARE and SQUARE-Lite, and using SQUARE-Lite to develop security requirements for a financial application.
Topics: Cybersecurity Engineering
In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
Topics: Cybersecurity Engineering
In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
Topics: Cybersecurity Engineering
In this 2007 report, Nancy Mead describes SQUARE, and outlines other methods used for identifying security requirements.
Topics: Cybersecurity Engineering
In this book chapter, Nancy Mead describes the SQUARE method, which can be used to elicit, analyze, and document security requirements for software systems.
Topics: Cyber Risk and Resilience Management
In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
Topics: Cybersecurity Engineering
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
Topics: Cybersecurity Engineering
In this book chapter, the authors recommend specific development practices for improving the overall security of your C/C++ application.
Topics: Cyber Risk and Resilience Management
In this report, the authors describe the second phase of an application of the SQUARE Methodology on an asset management system.
Topics: Cyber Risk and Resilience Management
In this 2004 report, the authors describe the first case study that applied the SQUARE methodology to an organization.
Topics: Cyber Risk and Resilience Management
In this 2004 report, the authors describe a cost/benefit analysis for estimations in small companies' information security improvement projects.
This report describes the IR&D projects that were conducted during fiscal year 2004 (October 2003 through September 2004).
Topics: Cybersecurity Engineering
In this book chapter, the authors discuss successful collaborations between industry and universities that improve software engineering education.
Topics: Cybersecurity Engineering, Software Assurance
In this 2003 report, Nancy Mead describes the state of requirements engineering for survivable systems.
Topics: Cyber Risk and Resilience Management
In this 2003 report, Nancy Mead focuses on international liability as it relates to information security for critical infrastructure applications.
Topics: Cybersecurity Engineering, Software Assurance
In this 2002 report, the authors describe a software development life-cycle model for survivability and illustrate techniques to support survivability goals.
Topics: Cybersecurity Engineering, Software Assurance
In this 2002 report, the authors describe a study of reeducating non-software professionals and practitioners to become software engineers.
In this paper, the authors describe their efforts to perform risk assessment and analyze and design robust survivable systems.
In this 2001 report, the authors describe a risk-mitigation framework for deciding when and how COTS components can be used to build survivable systems.
This report, published in 2000, describes the SNA method developed at the SEI's CERT Coordination Center. The SNA method guides stakeholders through an analysis process intended to improve system survivability when a system is threatened.
Topics: Network Situational Awareness
In this report, the authors present a method for analyzing the survivability of distributed network systems and an example of its application.
This 1997 report describes the survivability approach to helping assure that a system that must operate in an unbounded network is robust in the presence of attack and will survive attacks that result in successful intrusions.
This report provides the results of a benchmarking study to identify the best training practices within the software engineering community.
This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system.