A Framework for Modeling the Software Assurance Ecosystem: Insights from the Software Assurance Landscape Project

This report describes the Carnegie Mellon® Software Engineering Institute (SEI) Assurance Modeling Framework. It also discusses an initial piloting of the framework to prove its value and in-sights gained from that piloting for the adoption of selected assurance solutions. The SEI is developing a way to model key aspects of assurance to accelerate the adoption of assurance solutions within operational settings for the U. S. Department of Defense (DoD) and other government organizations. As part of that undertaking, SEI researchers have developed an Assurance Modeling Framework to build a profile for an assurance capability area such as vulnerability management within an assurance quality such as security. The profile consists of many views developed using selected methods and models. From the analysis of these views, inefficiencies and candidate improvements for assurance adoption can be identified.