This is a resource for ‘getting started’ in educating, training and certifying a workforce to build secure software.  It describes how to promote awareness of the engineering activities and knowledge areas needed to build software that operates as expected, free from vulnerabilities.  It summarizes how to train to prevent vulnerabilities from being intentionally designed into the software or accidentally inserted at any time during its life cycle. To do so, this guide describes knowledge areas for software assurance, starting with the core areas of study and extending to sub-disciplines to enhance with software security subject materials. It then presents lists of resources for accomplishing such study, including programs, tools, and books, with pointers on their use.  Lastly, this guide describes the people who make up a security-conscious system development team, their education, titles, credentials, and standards.  As part of the Software Assurance (SwA) Pocket Guide series, this resource is for information only. For details, see referenced source documents. For proper attribution, please include mention of these sources when referencing any part of this document.

The Need for SwA