Common Weakness Enumeration

CWE Glossary Definition

Software Assurance Pocket Guide Series

The Software Assurance (SwA) Pocket Guides are a series of Pocket Guides, sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD), targeted at specific portions of the software assurance life cycle. These guides should be your next step in learning about software assurance.

Currently, the Pocket Guides cover the following topics:

• Software Assurance in Acquisition and Contract Language
• Software Supply Chain Risk Management and Due Diligence
• Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses
• Software Security Testing
• Requirements and Analysis for Secure Software
• Architecture and Design Considerations for Secure Software
• Secure Coding
• Software Assurance in Education, Training & Certification

Anticipated future pocket guide topics include:

• Integrating Security in the Software Development Life Cycle
• Security Considerations for Technologies, Methodologies & Languages
• Secure Software Distribution, Deployment, & Operations
• Code Transparency & Software Labels
• Assurance Case Management
• Assurance Process Improvement & Benchmarking
• Secure Software Environment & Assurance Ecosystem
• Penetration Testing throughout the Life Cycle
• Making Software Security Measurable
• Practical Measurement Framework for SwA & InfoSec
• SwA Business Case & Return on Investment