Software Engineering Institute

This collection of supplementary materials and references is intended to help organizations use SEI Software Assurance Curricula in academic settings or workforce development efforts.

The Roadmap to Software Assurance Competency can help your organization initiate the use of software assurance competencies.

The SEI developed the Software Assurance Competency Model to create a foundation for assessing and advancing the capability of software assurance professionals. Endorsed by IEEE Computer Society, this model helps organizations and individuals determine their SwA competency across a range of knowledge areas and units. It provides a span of competency levels 1 through 5 as well as a decomposition into individual competencies based on knowledge and skills. It is a framework that an organization can adapt to its particular domain, culture, or structure.

On July 5, 2014, the Software and Systems Engineering Committee of the IEEE Computer Society Professional Activities Board (PAB) endorsed the SEI Software Assurance Competency Model as being both appropriate for software assurance roles and consistent with A Framework for PAB Competency Models.

These are donated materials that could supplement a variety of software assurance courses at various academic levels or in workforce development.

• SQUARE Instructional Materials
• Software Security Engineering Course

• CERT Insider Threat Program Manager Certificate
• CERT Insider Threat Vulnerability Assessor Certificate

• CERT Secure Coding in C and C++ Professional Certificate
• CERT Secure Coding in Java Professional Certificate

Secure Software Design and Programming Course

These course materials, developed by David A. Wheeler for his Secure Software Design and Programming graduate course (SWE-681/ISA-681) at George Mason University, include presentations (available under the Creative Commons CC-BY-SA license) and a book.

Static Analysis for Software Quality Seminar

Altran Praxis developed a case study for the National Security Agency that demonstrates correct software by construction using formal specification and verification. With the proper tools (which are available to academic users for free), you can compile and execute the implementation, which uses a subset of Ada. In addition, you can use the verification tools to check the formal proofs.