The Software Assurance and Modernization Ecosystem is an open-standards-based, plug-and-play environment for automated vulnerability testing tools and services.
The foundation of the Software Assurance and Modernization Ecosystem is the Knowledge Discovery Metamodel (KDM) specification, a standard language-independent and vendor-neutral representation of existing software systems. The Knowledge Discovery Metamodel allows interoperability between automated vulnerability testing tools. The KDM specification is developed by the Object Management Group.
Common reusable content for Software Assurance is developed using another standard from the Object Management Group (OMG), the Semantics of Business Vocabulary and Business Rules (SBVR). SBVR and KDM are designed as two parts of a single OMG Technology Stack for software analytics related to existing software systems.
This white paper describes a methodology for performing software assurance assessments for the purpose of establishing a level of confidence that a software system is meeting its security and business goals. The top-down, six-stage approach uses claims and arguments to drive goal-aligned assessments, which provide evidence to identify best practices and improvement opportunities in both the development process and the application itself.
Whether used by a third-party evaluator, a software development organization or a system integrator, this methodology, combined with a pre-built repository of customizable claims and arguments, is an efficient and effective way to establish software trustworthiness.