Posts by Carol Woody

Selecting Measurement Data for Software Assurance Practices

• Blog
Carol Woody

Measuring the software assurance of a product as it is developed and delivered to function in a specific system context involves assembling carefully chosen metrics. These metrics should demonstrate a range of behaviors to confirm confidence that the product functions as intended and is free of vulnerabilities. The Software Assurance Framework (SAF) is a collection of cybersecurity practices that programs can apply across the acquisition lifecycle and supply chain to promote the desired assurance behaviors....

Using Quality Metrics and Security Methods to Predict Software Assurance

• Blog
Carol Woody

This blog post was co-authored by Nancy Mead, SEI Fellow. To ensure software will function as intended and is free of vulnerabilities (aka software assurance), software engineers must consider security early in the lifecycle, when the system is being designed and architected. Recent research on vulnerabilities supports this claim: Nearly half the weaknesses identified in the Common Weakness Enumeration (CWE) repository have been identified as design weaknesses. These weaknesses are introduced early in the lifecycle...

Heartbleed and Goto Fail: Two Case Studies for Predicting Software Assurance Using Quality and Reliability Measures

• Blog
Carol Woody

This post was co-authored by Bill Nichols. Mitre's Top 25 Most Dangerous Software Errors is a list that details quality problems, as well as security problems. This list aims to help software developers "prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped." These vulnerabilities often result in software that does not function as intended, presenting an opportunity for attackers to compromise...

Establishing Trust in the Wireless Emergency Alerts Service

• Blog
Carol Woody

The Wireless Emergency Alerts (WEA) service went online in April 2012, giving emergency management agencies such as the National Weather Service or a city's hazardous materials team a way to send messages to mobile phone users located in a geographic area in the event of an emergency. Since the launch of the WEA service, the newest addition to the Federal Emergency Management Agency (FEMA) Integrated Public Alert and Warning System (IPAWS), "trust" has emerged as a...
