Software Engineering Institute | Carnegie Mellon University

Software Assurance Methods in Support of Cyber Security

This workshop focuses on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. The purpose of this course is to expose managers, engineers, and acquirers to concepts and resources they can use now to address software security assurance across the acquisition and development life cycles.

The introduction establishes the importance of focusing on software assurance within the current development and acquisition environment. Assurance methods relevant to each of the four critical software assurance areas are presented, and participants are encouraged to discuss how adopting them into their existing acquisition and development life cycles would improve their organizational software assurance.

Who should attend?

The target audience includes software managers and technical leads, software and lead engineers, software and system acquisition experts, and program/project management who are concerned with software security assurance across the acquisition and development life cycles.


  • Introduction to the value of software assurance for development and acquisition
  • Mission thread analysis and the use of the Survivability Analysis Framework to apply assurance to mission threads
  • Supply chain risk management and its role in software assurance
  • Security requirements (overview of the course Security Requirements Engineering Using the SQUARE Method)
  • Measurement for software assurance using the Integrated Measurement and Analysis Framework


  • Attendees will understand the challenges of software assurance
  • Attendees will be exposed to key concepts and methods for security risk analysis and measurement, security requirements elicitation, mission thread analysis, and supply chain risk analysis
  • Attendees will begin planning how they will address software assurance for acquisition and development programs
  • Attendees will understand the best practices that can be implemented for software assurance


This course has no prerequisites.


Participants will receive:

  • Course student notebook
  • Copy of the Addison-Wesley book Software Security Engineering: A Guide for Project Managers


This one-day course meets at the following times:
9:00 a.m. - 5:00 p.m.

Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials.

Course Details

This course may be offered by special arrangement at customer sites.

For More Information

Phone: 412-268-7622