
Software Assurance Phase 1

Project Details

Software is used to control virtually every aspect of computing, yet the assurance of the security, integrity and resiliency of software is still in its infancy. There is increasing focus by legislators, regulators and industry overseers on the application layer and the need to ensure its security, resiliency, sustainability and integrity. The current theory and practice of software assurance are both lacking in their ability to provide a high level of confidence in software security, integrity and resiliency.

There is an urgent need to advance the state of the art of software assurance, specifically as it relates to application security. The industry needs to broaden security reviews to cover significantly more of the popular applications. The costs of leaving immature approaches and inadequate security reviews unchecked cannot be overstated. Data security breaches from compromises of the application layer account for costs in the many billions of dollars per year. In light of the current market turmoil and call for re-regulation, there is a critical need for a top-down view of organizational requirements and technical capabilities, proactively driven by the financial services community.

Our goal is to reduce the time, cost, and complexity of software assurance and increase the effectiveness of the methods used by the Financial Services Industry. The FSTC Software Assurance Initiative (SAI) will address application-related issues and benefit from collaboration with BITS, FSSCC, INFOSEC and other industry associations. The SAI will help participants address challenges in four areas:

- Secure Architecture Design Principles
- Application-related Security Metrics
- Risk-based Security Investment Approach
- Software Testing and Evaluation

To achieve these objectives, FSTC is establishing an FSTC Special Interest Group to determine which aspects of the program should be pursued and what the priorities should be. As part of this Software Assurance Initiative, FSTC is taking over the BITS Product Certification Program and will integrate it into the Software Assurance Initiative.

Project Manager

Warren Axelrod
warren.axelrod@fstc.org

Roger Lang
roger.lang@fstc.org
(201) 389-3571
