Software assurance is the natural progression from developing security programs and assessing risk to improving software development security practices. Trusted CI's software assurance activities include:
Introduction to Software Security: a developing collection of modules for learning basic to advanced secure coding.
Situational Awareness: alerts about software vulnerabilities relevant to NSF CI.
Best Practices: including software engineering topics such as how to develop secure code, be ready for vulnerabilities, and securely distribute software releases.
Trusted CI can help projects transition to a continuous software assurance model, leveraging freely available resources such as the DHS-funded Software Assurance Marketplace (SWAMP), online at https://www.mir-swamp.org/, which provides code analysis tools for a wide variety of languages and environments.
Trusted CI Blog posts featuring software assurance, sustainability, and secure coding practices.