Software Assurance

Software assurance is the natural progression from developing security programs and assessing risk to improving software development security practices. Trusted CI's software assurance activities include:

• Introduction to Software Security: A developing collection of modules for learning basic to advanced secure coding

• Training: Vulnerabilities, Threats, and Secure Coding Practices

• Engagements: software assurance focused engagements such as the Pegasus and perfSONAR engagements

• Situational Awareness: alerts about software vulnerabilities of relevance to NSF CI

• Best Practices: including software engineering topics such as how to develop secure code, be ready for vulnerabilities, and securely distribute software releases.

Trusted CI can help projects transition to a continuous software assurance model, leveraging freely available resources such as the DHS-funded Software Assurance Marketplace (SWAMP) online at https://www.mir-swamp.org/ which provides code analysis tools for a wide variety of languages and environments.

Blog posts

Trusted CI Blog posts featuring software assurance, sustainability, and secure coding practices.