search menu icon-carat-right cmu-wordmark

Software Acquisition Curriculum

Educational Material
This course covers how to identify, validate, and resolve supply-chain issues that can occur when acquiring commercial off-the-shelf and custom software solutions.

Software Engineering Institute


Secure acquisition is a management/technical discipline that ensures the integrity of purchased systems and networks. Secure acquisition ensures that all purchasing risks and single points of failure are identified and mitigated to a sufficient level of satisfaction for all of the stakeholders up and down the supply chain. Secure acquisition is built around a strategic, enterprise level planning and control process and is widely thought to be a function of generic risk management and technical assurance. However, because of the multifaceted environment it operates in, secure acquisition involves a much more comprehensive set of basic activities than simple software assurance. Mitigation development and deployment of a secure acquisition process involves a range of academic disciplines from governance, to specification and analysis, legal and regulatory compliance to knowledge management and testing. Acquisition assurance is typically established at three levels in the organization: strategic, project infrastructure, and individual product assurance. This course examines all three of these from a top down perspective.