Software assurance is the natural progression from developing security programs and assessing risk to improving software development security practices. Trusted CI's software assurance activities include:
- Training: Vulnerabilities, Threats, and Secure Coding Practices
- Engagements: engagements focused on software assurance, such as the Pegasus and perfSONAR engagements
- Situational Awareness: alerts about software vulnerabilities of relevance to NSF CI
- Best Practices: including software engineering topics such as how to develop secure code, be ready for vulnerabilities, and securely distribute software releases
Trusted CI can help projects transition to a continuous software assurance model, leveraging freely available resources such as the DHS-funded Software Assurance Marketplace (SWAMP), online at https://www.mir-swamp.org/, which provides code analysis tools for a wide variety of languages and environments.