Abstract
Much active research has been done on service science in order to improve the productivity, efficiency and customer satisfaction of IT services. If any software application or module in an IT service behaves incorrectly, service quality and customer satisfaction will decrease significantly. To solve such problems, research on software assurance has recently drawn much attention. The most widely recognized research has been carried out by various government agencies and research institutes such as DHS, DoD, NIST, NASA, SAFECode, CWE™, and SANS. This paper investigates the various research efforts on software assurance and discusses the matters that have not yet been studied or solved. Finally, a system for improved software assurance is proposed.
Author information
WoongChul Choi received the B.S. and M.S. degrees in Computer Engineering from Seoul National University in 1988 and 1991, respectively, and the Ph.D. degree in Computer Science from the University of Illinois, Urbana-Champaign, IL, USA. He was a research scientist at Telcordia Technologies (formerly Bellcore), Morristown, NJ, USA. He is currently an associate professor in the Department of Computer Science at KwangWoon University, Seoul, Korea. He is a CISA, CISSP, CCAI, CCNA.
DaeHun Yoo received the B.S. degree in Mathematics in 2005 and the M.S. degree in Computer Science in 2007, and is currently a Ph.D. student at KwangWoon University, Seoul, Korea. His research interests include software assurance, ad hoc networks and network security.
Cite this article
Choi, W., Yoo, D. Software assurance towards better IT service. J Serv Sci 1, 31–56 (2009). https://doi.org/10.1007/s12927-009-0003-1
DOI: https://doi.org/10.1007/s12927-009-0003-1