In Week 1, you will select an organization as the target for your software assurance guidelines document. Use the provided outlines to create the document shell. Then, complete the first two sections of the document, which are Project Outline and Security in the Development Life Cycle.

You will select an organization, and apply your research to the analysis and development of software assurance policies and processes that would be appropriate for the organization and the software applications they produce for the government. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course's Key Assignment, which you will make contributions to each week.

Project Selection:

The first step will be to select an organization as the target for your software assurance guidelines document. This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:

Nontrivial: The selected organization should be large enough to allow reasonable exercise of the software assurance guidelines planning process.

Domain Knowledge: You should be familiar enough with the organization to allow you to focus on the planning tasks without significant time required for domain education.

Accessibility: You should have access to the people and other information related to the organization. This will be an important part of the planning process.

The selected organization may already have software assurance guidelines in place and still be used as the basis for the projects in this course. The selected organization must produce software applications for the government, and is therefore subject to software assurance requirements. It is understood that such an organization may not be readily accessible. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. Any necessary assumptions may be made to fulfill the requirements of organization selection.

Select an existing organization, or identify a hypothetical organization that fits the requirements listed above. Submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first several days of the course. After approved, continue to complete the Week 1 assignment described below and submit it.

For the assignments in this course, you will not be implementing any software assurance policies or procedures. You will be developing a comprehensive software assurance guidelines document. Your first task in this process will be to select an organization (or identify a hypothetical organization) to use as the basis of your projects. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project phase, you will add content to each section of the final document to gradually complete the final project deliverable. Appropriate research should be conducted to support the development of your guideline document, and assumptions may be made when necessary.

The project deliverables are the following:

Submit your organization proposal to instructor for approval.

Create a software assurance guidelines document shell in Word. It should include the following:

Create a title page

Course number and name

Project name

Student name

Date

Table of contents (TOC)

Use autogenerated TOC

Separate page

Maximum of 3 levels deep

Update the TOC before submitting your project

Section headings (create each heading on a new page with "TBD" as content, except for sections listed under New Content below)

Project Outline

Security in the Development Life Cycle

Software Assurance Techniques

Security in Nontraditional Development Models

Security Static Analysis

Software Assurance Policies and Processes

New Content

Project outline and requirements

Brief description of the organization (can be hypothetical) and where the guidelines will be implemented

Company size, location(s), and other pertinent information

List of the software applications provided by the company for the government

The software list must include at least 1 desktop and 1 Web application.

A database must be used with one of the applications.

A summary of the software development organization within the company, employees and reporting structure, systems and technologies used for software development, testing, source control, and document storage

Material can be taken from the approved proposal that was submitted to the instructor (ensure that this project is approved by the instructor).

Security in the development life cycle

Provide an outline of the SDLC model that is used in your organization, including each of the major phases.

This should be a traditional SDLC. Extended models, such extreme programming, will be covered in a later section.

Identify specific components of the security development model that can be applied to each of the phases of your SDLC model.

For each pairing of security development model component to SDLC model phase, describe how the security model is applied and the major tasks that are involved.