The Development of a Graduate
Curriculum for Software Assurance
Mark Ardis, Stevens Institute of Technology
Nancy Mead, Software Engineering Institute


We thank the Department of Homeland Security (DHS)
National Cyber Security Division (NCSD) for their support






We thank our curriculum co-authors:
Julia H. Allen, Software Engineering Institute
Thomas B. Hilburn, Embry-Riddle Aeronautical University
Andrew J. Kornecki, Embry-Riddle Aeronautical University
Richard Linger, Software Engineering Institute
James McDonald, Monmouth University
2


Some of these slides are from Jeff Williams of OWASP
3

1.
2.
3.
4.
5.
6.
7.
Motivation
Sources
Process
Core Body of Knowledge
Curriculum Architecture
Course Outlines and Syllabi
Outreach and Future Plans
4

Motivation

"The business of security for government agencies is growing by an enviable 9 percent a year"
--- NYTimes August 4, 2011
5

What if the software world was only…
100 apps written by 100 developers at 100 companies

Sources for MSwA Recommendations









GSwE2009 – Graduate Software Engineering
Other Curricula
MSE 1989 – Original Graduate Software Engineering
SE 2004 – Undergraduate Software Engineering
CE 2004 – Undergraduate Computer Engineering
CS 2010 – Undergraduate Computer Science
SWEBOK – Software Engineering Body of Knowledge
Textbook by Allen, Mead et al.
Build Security In (BSI) Website
10

Process
11

Core Body of Knowledge



3-level outline of topics
Associated student outcome expectations in terms of
Bloom's Taxonomy
1.
2.
3.
4.
5.
6.
7.
Top Level:
Assurance Across Life Cycles
Risk Management
Assurance Assessment
Assurance Management
System Security Assurance
System Functionality Assurance
System Operational Assurance
12

Curriculum Architecture
13

MSwE with SwA Specialization

Information Sciences with SwA Specialization
15

Course Outlines and Syllabi

16








Course Syllabi:
Assurance Management
System Operational
Assurance
Assured Software Analytics
Assured Software
Development 1
Assured Software
Development 2
Assured Software
Development 3
Assurance Assessment
System Security Assurance



Course Outlines
Undergraduate courses

4 software assurance courses
 1 capstone project course
Community College courses


3 foundation CS courses
3 security courses

Getting Started with MSwA Courses







Implementation options: add 1-2 courses that supplement an existing program (e.g., Master of
Software Engineering, Master of Information Systems) build on strengths of faculty and supplement existing courses build on local industry needs take advantage of resources
 mentoring offered by SwA curriculum team
 other artifacts (e.g., MSwA course outlines, master bibliography) consider starting with a course that does not require prerequisites within the program, such as Assured Software Development 1 or System
Operational Assurance add 1-2 courses each year to build up to a complete MSwA or specialization within another degree program








 http://www.cert.org/mswa/
MSwA Reference Curriculum document undergraduate course outlines
MSwA course outlines and syllabi
2-Year college course outlines master bibliography curriculum overview seminar
VTE workshop from CSEET 2010

Nancy R. Mead, Ph.D.
Senior Technical Staff
CERT ® Program
Software Engineering Institute
Carnegie Mellon University
Email: nrm@sei.cmu.edu
U.S. mail:
Software Engineering Institute
Customer Relations
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
USA
Mark A. Ardis U.S. mail:
Distinguished Service Professor
School of Systems and Enterprises
Stevens Institute of Technology
Email: mark.ardis@stevens.edu
WWW: personal.stevens.edu/~mardis
Stevens Institute of Technology
Castle Point on Hudson
Hoboken, NJ 07030
USA