This is an old revision of the document!
The existing strategy for software and system assurance is already defined by the Systems and software Quality Requirements and Evaluation (SQuaRE). It establishes a common framework for analysis and exchange of information related to system assurance and trustworthiness, and defines the following kinds of assurance that need to be addressed: Information Assurance (IA), Safety Assurance (SfA), Software Assurance (SwA), Mission Assurance (MA) and System Assurance (SysA).
[Julie]Revue - Response to: 1st sentence in next paragraph seems circular, given the list above. Is it saying you need to address the listed types of assurance to better support these types of assurance?
Assurance does not yield a binary True False answers. Assurance is a measure of risk which is a probability or threat of damage, injury, liability, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.1). Assurance is best handled using Structured Assurance Case Metamodels (SACMs) for each of the assurances detailed above. It is in a DIDO community_of_interest_coi best interest to provide assurance measurements of their software, especially those CoI that are offering “coinage” products to provide formal SACM results.