DETROIT – Consider this. A terrorist group brings down the entire Pacific Northwest electrical grid. Then they disable telecommunication between the U.S. East and West Coast. Then, they shut down the air traffic control system for New York, grounding all air traffic into and out of the Northeast while at the same time preventing all credit card transactions, by using millions of stolen identities. Other events follow. All of them demonstrate the group's ability to bring down the U.S.'s economic and defense infrastructure at will.

What makes this scenario so alarming is the fact that these incidents have already occurred. That is why the U.S. government has made the identification and elimination of exploitable vulnerabilities in software a national priority.

The National Cybersecurity Division of the Department of Homeland Security is spearheading this effort. There are two initiatives involved. The Build Security In (BSI) program seeks to change the way that software is developed, so that security is built into code from the start. It is based around a catalogue of best practices, which is available from the US-CERT website. Software developers and development organizations can use these practices to ensure secure code.

The second initiative is much larger. It seeks to develop an overall Common Body of Knowledge (CBK) for software assurance. The goal is to compile a Software Assurance Body of Knowledge (SWABOK), which can guide both business and academia in secure software practice. This CBK was just published (October 3, 2005) in draft version (0.7). It will be commented on and finalized by the end of March 2006.

There are three domains within the CBK: Software Acquisition, Software Development and Software Sustainment. Dan Shoemaker, who is Director of the Centre for Assurance Studies at the University of Detroit Mercy, is editor of the Sustainment domain. In addition, Jeffrey Ingalsbe, who is the Director of Competitive Intelligence for Ford, and Antonio Drommi, the Associate Director of the Centre for Assurance Studies, have been primary contributors to this section.

Persons interested in information about the SWABOK initiative can find it at STSC.Hill.AF.Mil, or they can contact Dan Shoemaker at [email protected]