Software Assurance

Software assurance is the natural progression from developing security programs and assessing risk to improving software development security practices. Trusted CI's software assurance activities include:

Training: Vulnerabilities, Threats, and Secure Coding Practices
Engagements: software assurance focused engagements such as the Pegasus and perfSONAR engagements
Situational Awareness: alerts about software vulnerabilities of relevance to NSF CI
Best Practices: including software engineering topics such as how to develop secure code, be ready for vulnerabilities, and securely distribute software releases.

Trusted CI can help projects transition to a continuous software assurance model, leveraging freely available resources such as the DHS-funded Software Assurance Marketplace (SWAMP) online at https://www.mir-swamp.org/ which provides code analysis tools for a wide variety of languages and environments.

Software Assurance

Trusted CI: the NSF Cybersecurity Center of Excellence