Talk:Software security assurance


Copy edit

I have reviewed this article. The grammar was good; there were some capitalization errors, especially in section titles, and some cases in which a paragraph/sentence-based list was more appropriate than a bulleted or numbered list.

The content looks a bit brief for this topic; wikification will aid in readers' understanding, but some phases of this process are introduced without any discussion of their ramifications or important considerations. -Paulmnguyen (talk) 23:52, 26 August 2010 (UTC)

I did some wikification and rewrote the lead section to be more forward, rather than like the slow introduction of a textbook. I still think that the article deserves more "meat on its bones." -Paulmnguyen (talk) 00:23, 27 August 2010 (UTC)

Noting @Joereddington's proposed deletion reason: "Article is largely an unsourced how-to/essay-style treatment of software security assurance rather than an encyclopaedic article. It has carried citation and instructional-content maintenance tags for many years, relies mainly on one dated 2007 report plus weak/non-specific references, and substantially overlaps with broader topics such as secure by design, secure coding, software quality, and security engineering. No clear independent notability is established for this as a standalone topic."

Based on WP:ATD-M: "If two pages are duplicates or otherwise redundant, one should be merged and redirected to the other, using the most common, or more general page name." I recommend merging this to software assurance, since people use that term in a way that includes security assurance:

  • NIST definition of "software assurance": "The level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software throughout the lifecycle."[1]
  • "This article...proposes a new Security Assurance Model (SAM) for Software Development...The SAM of Software Development consists of seven security assurance levels: Governance and Security Threat Analysis, Secure Requirement Analysis, Secure Design, Secure Coding, Secure Testing and Review, Secure Deployment, and Security Improvement."[2]
  • "This study advances the core concepts of software security through the application of security assurance techniques, including vulnerability scanning, code review, penetration testing, threat assessment, control evaluation, mitigation, risk assessment, and configuration review. In the context of the Software Security Reliability Model (SSRM), a framework was developed to enhance software security assurance across different stages."[3]
  • "The acquisition and operation of a system with effective software assurance requires effective software risk management throughout the lifecycle to identify and mitigate potential mission impacts...our team of researchers in cybersecurity, acquisition, and system and software engineering have identified five foundational capabilities (pillars) that must be well established to support the acquisition of a system with effective software assurance: Software Requirements, Software Supply Chain Risk Management, Software Quality, System Integration, and Software Metrics."[4]
  • "Software assurance encompasses the development and implementation of methods and processes for ensuring that software functions as intended while mitigating the risks of vulnerabilities, malicious code or defects that could bring harm to the end user."[5]
  • "The NIST SAMATE (Software Assurance Metrics And Tool Evaluation) project...Development of metrics for the effectiveness of software security assessment (SSA) tools...The first part classifies Software Security Assurance tools and develops metrics and tests for each tool class."[6]

References

  1. "Glossary: software assurance (SwA)". NIST Computer Security Resource Center. Archived from the original on 2026-02-18. Retrieved 2026-06-19.
  2. Khan, Rafiq Ahmad; Khan, Siffat Ullah; Alzahrani, Musaad; Ilyas, Muhammad (2022). "Security Assurance Model of Software Development for Global Software Development Vendors". IEEE Access. 10: 58458–58487. doi:10.1109/ACCESS.2022.3178301. ISSN 2169-3536.
  3. Ali, Mohammad; Ullah, Ahsan; Islam, Md. Rashedul; Hossain, Rifat (2025-03-01). "Assessing of software security reliability: Dimensional security assurance techniques". Comput. Secur. 150 (C). doi:10.1016/j.cose.2024.104230. ISSN 0167-4048.
  4. "The Five Pillars of Software Assurance in System Acquisition". CMU Software Engineering Institute. 2026-03-04. Retrieved 2026-06-19.
  5. "Software Assurance: An Overview of Current Industry Best Practices" (PDF). Software Assurance Forum for Excellence in Code (SAFECode). February 2008. Retrieved 2026-06-19.
  6. "Software Assurance Metrics And Tool Evaluation (SAMATE)". NIST.

Dreamyshade (talk) 20:06, 19 June 2026 (UTC)