CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types


Getting Started in Software Assurance (SwA)

Success of the mission should be the focus of software and other assurance activities. Although increasing automation of various capabilities has provided great boons to our organizations, this automation is also at risk of becoming a focus of attackers' attention and techniques. Recognizing that your software and supply chain have exploitable weaknesses is a major step toward improving the reliability, resilience, and integrity of your software when it faces attacks.

The key to gaining assurance about your software is to make incremental improvements when you develop it, when you buy it, and when others create it for you. No single remedy will eliminate or mitigate all of the weaknesses in your software, or the risk. However, by blending several different methods and tools with a change in culture, one can obtain greater confidence that the important functions of the software will be there when they are needed and that the worst types of failures and impacts can be avoided.

There is no crystal ball or magic wand that one can use to ensure software is absolutely secure against the unknown. However, there are ways to limit negative impacts and improve confidence in software-based capabilities and their ability to deliver their part of the organization's mission.

This section of the CWE Web site introduces specific steps you can take to 1) assess your individual software assurance situation and 2) compose a tailored plan to strengthen assurance of integrity, reliability, and resilience of your software and its supply chain. Learn more by following the links below:

Page Last Updated: February 17, 2014