Software Security

For the assignments in this course, you will not be implementing any software assurance policies or procedures. You will be developing a comprehensive software assurance guidelines document. Your first task in this process will be to select an organization (or identify a hypothetical organization) to use as the basis of your projects. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project phase, you will add content to each section of the final document to gradually complete the final project deliverable. Appropriate research should be conducted to support the development of your guideline document, and assumptions may be made when necessary.

The project deliverables are the following:

• Submit your organization proposal to instructor for approval.
• Create a software assurance guidelines document shell in Word. It should include the following:
  • Create a title page
    • Course number and name
    • Project name
    • Student name
    • Date
  • Table of contents (TOC) 
    • Use autogenerated TOC
    • Separate page
    • Maximum of 3 levels deep
    • Update the TOC before submitting your project
  • Section headings (create each heading on a new page with "TBD" as content, except for sections listed under New Content below)
    • Project Outline
    • Security in the Development Life Cycle
    • Software Assurance Techniques
    • Security in Nontraditional Development Models
    • Security Static Analysis
    • Software Assurance Policies and Processes
  • New Content
    • Project outline and requirements
      • Brief description of the organization (can be hypothetical) and where the guidelines will be implemented
      • Company size, location(s), and other pertinent information
      • List of the software applications provided by the company for the government
        • The software list must include at least 1 desktop and 1 Web application.
        • A database must be used with one of the applications.
      • A summary of the software development organization within the company, employees and reporting structure, systems and technologies used for software development, testing, source control, and document storage
        • Material can be taken from the approved proposal that was submitted to the instructor (ensure that this project is approved by the instructor).
    • Security in the development life cycle
      • Provide an outline of the SDLC model that is used in your organization, including each of the major phases.
      • This should be a traditional SDLC. Extended models, such extreme programming, will be covered in a later section.
      • Identify specific components of the security development model that can be applied to each of the phases of your SDLC model.
      • For each pairing of security development model component to SDLC model phase, describe how the security model is applied and the major tasks that are involved.