SwA in Education, Training & Certification - US-Cert
Software Assurance (SwA) Pocket Guide Resources
This is a resource for 'getting started' in educating, training and certifying a workforce to build secure software. It describes how to promote awareness of the engineering activities and knowledge areas needed to build software that operates as expected, free from vulnerabilities. It summarizes how to train to prevent vulnerabilities from being intentionally designed into the software or accidentally inserted at any time during its life cycle. To do so, this guide describes knowledge areas for software assurance, starting with the core areas of study and extending to subdisciplines to enhance with software security subject materials. It then presents lists of resources for accomplishing such study, including programs, tools, and books, with pointers on their use. Lastly, this guide describes the people who make up a security-conscious system development team, their education, titles, credentials, and standards. As part of the Software Assurance (SwA) Pocket Guide series, this resource is for information only. For details, see referenced source documents. For proper attribution, please include mention of these sources when referencing any part of this document.
This volume of the SwA Pocket Guide series focuses on enumerating education, training and certification resources. It identifies the most effective strategies to inject software assurance topics into existing college curriculums and workforce training and certification programs.
At the back of this pocket guide are references, limitation statements, and a listing of topics addressed in the SwA Pocket Guide series. All SwA Pocket Guides and SwA-related documents are freely available for download via the SwA Community Resources and Information Clearinghouse at https://buildsecurityin.us-cert.gov/swa.
Acknowledgements
The SwA community collaborates to develop SwA Pocket Guides. The SwA Forum and Working Groups function as a stakeholder meta-community that welcomes additional participation in advancing and refining software security. All SwA-related information resources are offered free for public use. The SwA community invites your input: please contact Software.Assurance@dhs.gov for comments and inquiries. For the most current pocket guides, refer to the SwA community website at https://buildsecurityin.us-cert.gov/swa/.
Members from government, industry, and academia comprise the SwA Forum and Working Groups. The Groups focus on incorporating SwA considerations into acquisition and development processes to manage potential risk exposure from software and from the supply chain.
Participants in the SwA Forum's Workforce Education and Training Working Group contributed to developing the material used in this pocket guide as a step in raising awareness of how to incorporate SwA topics in the education, training and certification of a knowledgeable workforce, one that is ready to perform engineering or technical activities that promote software assurance throughout the Software Development Life Cycle (SDLC).
Software Assurance Pocket Guide Series:<br />
Life Cycle Support, Volume I – Version 2.2, Mar 16, 2011<br />
Software Assurance in Education, Training & Certification