Software security assurance

Software Security Assurance (SSA) is the process of ensuring that software is designed to operate at a level of security that is consistent with the potential harm that could result from the loss, inaccuracy, alteration, unavailability, or misuse of the data and resources that it uses, controls, and protects.

For a top category, however, the impact may pose a threat to human life; may have an irreparable impact on the software owner's missions, functions, image, or reputation; or may result in the loss of significant assets or resources.

and off-line storage; human resource security; and audit trails and usage records.

When the system enters this problem state, unexpected and undesirable behavior may result.

A first-order approach is to identify the critical software components that control security-related functions and pay special attention to them throughout the development and testing process.

This approach helps to focus scarce security resources on the most critical areas.

The list, which is currently in a very preliminary form, contains descriptions of common software weaknesses, faults, and flaws.

Constraint analysis evaluates the design of a software component against restrictions imposed by requirements and real-world limitations.

Formal secure code reviews are conducted at the end of the development phase for each software component.

The purpose of conducting secure code inspections or walkthroughs is to find errors.

Typically, the group that does an inspection or walkthrough is composed of peers from development, security engineering and quality assurance.
