50. What is the Software Assurance (SwA) concept and why are information security policies and procedures so important today, and do you offer comprehensive I.T. security documentation?

Software Assurance (SwA) and the underlying concept is best defined as the level of confidence in which software is actually free from vulnerabilities - either intentionally, or accidentally during its lifecycle -, and that the software itself functions in the intended manner. Additionally, the main objective of SwA is ensuring that the policies, processes, procedures, products, and all other related activities used for producing and sustaining such software actually conforms to all applicable standards and requirements set forth. Additionally, the safety and security of software being developed is also a core concern and primary objective of SwA.

Stop and think about all the critical systems used in today’s society, and it’s quite obvious as to why SwA should be taken very seriously. From critical infrastructure platforms, such as those for banking, finance, energy, transportation, along with many other sectors and industries – developing and implementing stable and secure software is a must – no exceptions. One only needs to look at the growing cyber security threats as evidence of how software is constantly under attack from hackers and other malicious exploits.

Security Policies are an Important Component of Software Assurance and Security

But protecting software and adhering to SwA means much more than just awareness, it requires multiple layers of security, secure development platforms, and documented operational and information security policies and procedures, like those found at FLANK. With the FLANK21 set of industry leading security policies, procedures, forms, checklists – and much more – FLANK provides essential documentation for today’s security conscious organizations.

Protecting software starts with documenting one’s essential operational and information security practices, which means having in place a comprehensive set of enterprise-wide policies and procedures. Network devices, operating systems, databases, web servers, and many other primary information technology systems – they all need documented policies and procedures effectively detailing important provisions.

Additionally, the following is a list of notable resources regarding SwA concept:

  • https://buildsecurityin.us-cert.gov/swa/
  • http://www.safecode.org/index.php
  • https://buildsecurityin.us-cert.gov/bsi/home.html