buildsecurityin.us-cert.govBuild Security In | CISA

Skip to main content Official website of the Department of Homeland Security Enter Search Terms(s): Toggle navigation Enter Search Terms(s): CertMain Menu About Us Alerts and Tips Resources Industrial Control Systems Report TLP:WHITE TLP:WHITE Topics Best Practices Articles Knowledge Articles Tools Articles Build Security In Build Security In / Software & Supply Chain Assurance content is no longer updated. The articles are provided here for historical reference. Suggested resource: https://www.cert.org/cybersecurity-engineering/ Build Security In was a collaborative effort that provided practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development. Software assurance (SwA) is the level of confidence that soft ware is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. Best Practices Articles A significant portion of the BSI effort was devoted to best practices that can provide the biggest return considering current best thinking, available technology, and industry practice. Topics Acquisition Architectural Risk Analysis Assembly, Integration, and Evolution Code Analysis Deployment and Operations Governance and Management Incident Management Insider Threat Legacy Systems Measurement Penetration Testing Project Management Requirements Engineering Risk Management Security Testing System Strategies Training and Awareness White Box Testing Knowledge Articles Software defects with security ramifications, including implementation bugs and design flaws such as buffer overflows and inconsistent error handling, promise to be with us for years. Recurring patterns of software defects leading to vulnerabilities have been identified, and the BSI team documented detailed instructions on how to produce software without these defects. Topics Assurance Cases Attack Patterns Business Case Models Coding Practices Lessons Learned Principles SDLC Process Software Assurance Education Tools Articles The BSI site includes an explanation of the following types of tools: Modeling Tools, Source Code Analysis Tools, and Black Box Testing. Descriptions are included of the technologies, how they work, and why they are useful. Topics Black Box Testing Modeling Tools Penetration Testing Tools Source Code Analysis Additional Resources The BSI site includes an explanation of the following types of tools: Modeling Tools, Source Code Analysis Tools, and Black Box Testing. Descriptions are included of the technologies, how they work, and why they are useful. Software Engineering Institute: Security & Survivability Survivability and Information Assurance (SIA) Curriculum Making Security Measurable NIST Software Assurance Metrics And Tool Evaluation (SAMATE) Project Contact Us (888)282-0870 Send us email Download PGP/GPG keys Subscribe to Alerts Receive security alerts, tips, and other updates. Enter your email address HSIN Report Home Site Map FAQ Contact Us Traffic Light Protocol PCII Accountability Disclaimer Privacy Policy FOIA No Fear Act Accessibility Plain Writing Plug-ins Inspector General The White House USA.gov CISA is part of the Department of Homeland Security...