Abstract
Given the stakes in a world where losses to cyber-attacks are becoming unsustainable, every organization’s software inventory should be ensured by a substantive, properly documented, and rational process. Software assurance is the explicitly designed and implemented function that ensures that the specific security goals of the organization will be maintained. The development and instantiation of a software assurance process is essentially a matter of good management. The problem, though, is that the process itself is often a black box for managers. This article will explain the role and function of software assurance as well as the major factors that should be kept in mind when developing and overseeing the process.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Additional information
Notes on contributors
Gregory Laidlaw
Gregory Laidlaw, DMIT, CISSP, C|EH, serves as the Chair and is a Lecturer in the Cybersecurity & Information Systems Department at the University of Detroit Mercy. Greg’s research focuses on secure systems, human factors in security, and design usability. Prior to transitioning into full-time academia in 2011, Greg developed an extensive range of technical and managerial experience from 25 years of IT consulting in small enterprise and local government organizations. Greg utilizes his expertise in programming, network infrastructure and database design, system security, and data integration in the classroom and was instrumental in the formation and leadership of the student-led Detroit Mercy Cybersecurity Club. Greg earned his Doctor of Management Information Technology from Lawrence Technological University and Master of Science in Finance from Walsh College.
Dan Shoemaker
Dan Shoemaker, Ph.D., is principal investigator and senior research scientist at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan has served 30 years as a professor at UDM with 25 of those years as department chair. He served as a co-chair for both the Workforce Training and Education and the Software and Supply Chain Assurance Initiatives for the Department of Homeland Security and was a subject matter expert for the NICE Workforce Framework 2.0. Dan has coauthored seven books in the field of cybersecurity and has authored over one hundred journal publications. Dan earned his PhD from the University of Michigan.