Saturday, August 28, 2010

Software Security Guide

The main objective of software assurance is to ensure that the processes, procedures, and products used to produce and sustain the software conform to all requirements and standards specified to govern those processes, procedures, and products. Software security and secure software are often discussed in the context of software assurance. Software assurance in its broader sense refers to the assurance of any required property of software. For software practitioners at the National Aeronautics and Space Administration (NASA), software assurance refers to the assurance of safety as a property of software. Similarly, in other communities, software assurance may refer to assurance of reliability or quality. In the context of this article, software assurance is concerned with assuring the security of software.
An increasingly agreed-upon approach for assuring the security of software is the software security assurance case, which is intended to provide justifiable confidence that the software under consideration (1) is free of vulnerabilities; (2) functions in the “intended manner,” and this “intended manner” does not compromise the security or any other required properties of the software, its environment, or the information it handles; and (3) can be trusted to continue operating dependably under all anticipated circumstances, including anomalous and hostile environmental and utilization circumstances—which means that those who build the software need to anticipate such circumstances and design and implement the software to be able to handle them gracefully. Such circumstances include
  • the presence of unintentional faults in the software and its environment
  • the exposure of the operational software to accidental events that threaten its security
  • the exposure of the software to intentional choices or actions that threaten its security during its development, deployment, operation, or sustainment
Software is more likely to be assurably secure when security is a key factor in the following aspects of its development and deployment:
  • development principles and practices: The practices used to develop the software and the principles that governed its development are expressly intended to encourage and support the consideration and evaluation of security in every phase of the software’s development life cycle. Some secure development principles and practices for software are suggested later in this article.
  • development tools: The programming language(s), libraries, and development tools used to design and implement the software are evaluated and selected for their ability to avoid security vulnerabilities and to support secure development practices and principles.
  • testing practices and tools: The software is expressly tested to verify its security, using tools that assist in such testing.
  • acquired components: Commercial off-the-shelf (COTS) and open source software (OSS) components are evaluated to determine whether they contain vulnerabilities, and if so, whether those vulnerabilities can be remediated through integration to minimize the risk they pose to the software system.
  • deployment configuration: The installation configuration of the software minimizes the exposure of any residual vulnerabilities it contains.
  • execution environment: Protections are provided by the execution environment that can be leveraged to protect the higher-level software that operates in that environment.
  • practitioner knowledge: The software’s analysts, designers, developers, testers, and maintainers are provided with the necessary information (e.g., through training and education) to give them sufficient security awareness and knowledge to understand, appreciate, and effectively adopt the principles and practices that will enable them to produce secure software.
