Note: This page is part of the archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.

Best Practices

A significant portion of the BSI effort will be devoted to best practices that can provide the biggest return considering current best thinking, available technology, and industry practice.

There are seven objectives that are key to understanding the nature of Software Assurance Best Practices for the stakeholder community of practice.

| Title | Updated |
| --- | --- |
| Training and Awareness | 2013-08-07 |
| Security and Project Management | 2013-08-06 |
| An Evaluation of Cost-Benefit Using Security Requirements Prioritization Methods | 2013-08-05 |
| White Box Testing | 2013-07-05 |
| Scale: System Development Challenges | 2013-07-05 |
| Risk-Based and Functional Security Testing | 2013-07-05 |
| Risk Management Framework (RMF) | 2013-07-05 |
| The Common Criteria | 2013-07-05 |
| SQUARE Process | 2013-07-05 |
| Requirements Prioritization Case Study Using AHP | 2013-07-05 |
| Requirements Elicitation Case Studies Using IBIS, JAD, and ARM | 2013-07-05 |
| Introduction to the CLASP Process | 2013-07-03 |
| Predictive Models for Identifying Software Components Prone to Failure During Security Attacks | 2013-07-03 |
| Measuring The Software Security Requirements Engineering Process | 2013-07-03 |
| Measures and Measurement for Secure Software Development | 2013-07-03 |
| Incident Management | 2013-07-02 |
| Risk-Centered Practices | 2013-07-02 |
| Prioritizing IT Controls for Effective, Measurable Security | 2013-07-02 |
| Plan, Do, Check, Act | 2013-07-02 |
| Navigating the Security Practice Landscape | 2013-07-02 |
| Identity in Assembly and Integration | 2013-07-02 |
| Security Concepts, Challenges, and Design Considerations for Web Services Integration | 2013-07-02 |
| Architectural Risk Analysis | 2013-07-02 |
| System-of-Systems Influences on Acquisition Strategy Development | 2013-07-02 |
| Supply-Chain Risk Management: Incorporating Security into Software Development | 2013-07-02 |
| Finding a Vendor You Can Trust in the Global Marketplace | 2013-07-02 |
| Assuring Software Systems Security: Life Cycle Considerations for Government Acquisitions | 2013-07-02 |
| Building Security into the Business Acquisition Process | 2013-07-02 |
| Maturity of Practice | 2013-05-23 |
| Individual Certification of Security Proficiency for Software Professionals: Where Are We? Where Are We Going? | 2013-05-21 |
| How Much Security Is Enough? | 2013-05-21 |
| Business Case | 2013-05-21 |
| Adapting Penetration Testing for Software Development Purposes | 2013-05-21 |
| Integrating Security and IT | 2013-05-21 |
| Requirements Engineering Annotated Bibliography | 2013-05-21 |
| Software Security Engineering: A Guide for Project Managers | 2013-05-15 |
| Deployment and Operations References | 2013-05-14 |
| Assessing Security Risk In Legacy Systems | 2013-05-14 |
| Security Considerations in Managing COTS Software | 2013-05-14 |
| Software Security in Legacy Systems | 2013-05-14 |
| A Systemic Approach for Assessing Software Supply-Chain Risk | 2013-05-14 |
| Deploying and Operating Secure Systems | 2013-05-14 |
| Assembly, Integration, and Evolution Overview | 2013-05-14 |
| Acquisition Overview: The Challenges | 2013-05-14 |
| Framing Security as a Governance and Management Concern: Risks and Opportunities | 2013-05-14 |
| Governance and Management References | 2013-05-14 |
| Security Is Not Just a Technical Issue | 2013-05-13 |
| Optimizing Investments in Security Countermeasures: A Practical Tool for Fixed Budgets | 2013-05-13 |
| Requirements Prioritization Introduction | 2013-05-13 |
| Requirements Elicitation Introduction | 2013-05-13 |
| Introduction to System Strategies | 2012-06-27 |
| Security-Specific Bibliography | 2012-06-20 |
| Security Requirements Engineering | 2010-07-14 |
| Code Analysis | 2008-11-03 |
| Code Analysis - References | 2008-11-03 |
| Software Engineering Bibliography | 2008-09-29 |
| Application Firewalls and Proxies - Introduction and Concept of Operations | 2008-09-27 |
| The Role of Computer Security Incident Response Teams in the Software Development Life Cycle | 2008-08-20 |
| System Strategies References | 2007-05-17 |
| Defining Computer Security Incident Response Teams | 2007-01-24 |
| The Influence of System Properties on Software Assurance and Project Management | 2006-02-06 |
| Architectural Risk Analysis - Business Case | 2005-11-04 |
| Architectural Risk Analysis - References | 2005-11-04 |
| Trustworthy Composition: The System Is Not Always the Sum of Its Parts | 2005-09-28 |
| Risk Management Framework Glossary | 2005-09-21 |
| Risk Management Framework: Business Case | 2005-09-21 |
| Risk Management Framework References | 2005-09-21 |