Software Assurance: An Overview of Current Industry Best Practices

Overview

Software underpins the information infrastructure that governments, critical infrastructure providers and businesses worldwide depend upon for daily operations and business processes. These organizations widely and increasingly use commercial off-the-shelf software ("COTS") to automate processes with information technology. At the same time, cyber attacks are becoming more stealthy and sophisticated, creating a complex and dynamic risk environment for IT-based operations that users are working to better understand and manage. As such, users have become increasingly concerned about the integrity, security and reliability of commercial software. To address these concerns and meet customer requirements, vendors have undertaken significant efforts to reduce vulnerabilities, improve resistance to attack and protect the integrity of the products they sell.