Author

Ryan A. Maxon

Date of Award

3-17-2008

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Systems Engineering and Management

First Advisor

Dennis D. Strouble, PhD

Abstract

In the corporate world, "bits mean money," and as the Department of Defense (DoD) becomes more and more reliant on net-centric warfare, bits mean national security. Software security threats are very real, as demonstrated by the constant barrage of Internet viruses, worms, Trojans, and hackers seeking to exploit the latest vulnerability. Most organizations focus their resources on reactive defenses such as firewalls, antivirus software, and encryption; however, as demonstrated by the numerous successful attacks, those post facto measures are not enough to stop the bleeding. The DoD defines software assurance (SwA) as the "level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software." SwA focuses on baking in security versus bolting it on afterwards. The Department of Homeland Security and DoD have each had SwA programs for a few years; however, the Air Force (AF) just recently formed the Application Software Assurance Center of Excellence at Maxwell AFB-Gunter Annex, AL. This research seeks to identify common issues that present challenges to the development of secure software and best practices that the AF could adopt as it proactively begins to heal the SwA problem.

AFIT Designator

AFIT-GIR-ENV-08-M13

DTIC Accession Number

ADA480286
