return to Fundamental Views

The existing strategy for software and system assurance is already defined by the Systems and software Quality Requirements and Evaluation (SQuaRE). It establishes a common framework for analysis and exchange of information related to system assurance and trustworthiness, and defines the following kinds of assurance that need to be addressed: Information Assurance (IA), Safety Assurance (SfA), Software Assurance (SwA), Mission Assurance (MA) and System Assurance (SysA).

Assurance does not yield binary true / false answers. Assurance is a measure of risk which is a probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.¹⁾. Assurance is best handled using Structured Assurance Case Metamodels (SACMs) for each of the assurances detailed above. A DIDO community of interest (CoI) best interest is to provide assurance measurements of their software, especially those CoIs that are offering “coinage” products to provide formal SACM results.

See

• ISO/IEC 7816 Integrated Circuit Card Family of Specificaions
• OMG: Structured Assurance Case Metamodel (SACM)