In this day of frequent acquisitions and perpetual application integrations, systems are often an amalgamation of multiple programming languages and runtime platforms using new and legacy content. Systems of such mixed origins are increasingly vulnerable to defects and subversion.
System Assurance: Beyond Detecting Vulnerabilities addresses these critical issues. As a practical resource for security analysts and engineers tasked with system assurance, the book teaches you how to use the Object Management Group’s (OMG) expertise and unique standards to obtain accurate knowledge about your existing software and compose objective metrics for system assurance. OMG’s Assurance Ecosystem provides a common framework for discovering, integrating, analyzing, and distributing facts about your existing enterprise software. Its foundation is the standard protocol for exchanging system facts, defined as the OMG Knowledge Discovery Metamodel (KDM). In addition, the Semantics of Business Vocabularies and Business Rules (SBVR) defines a standard protocol for exchanging security policy rules and assurance patterns. Using these standards together, you will learn how to leverage the knowledge of the cybersecurity community and bring automation to protect your system.
Provides end-to-end methodology for systematic, repeatable, and affordable System Assurance.
Includes an overview of OMG Software Assurance Ecosystem protocols that integrate risk, architecture and code analysis guided by the assurance argument.
Case Study illustrating the steps of the System Assurance Methodology using automated tools.