Software Assurance (SA)

Software Assurance (SA)


About this course

The overall goal of this course is to build security into software lifecycles.

SA ensures that the software you develop or acquire operates as you expect it to. To achieve this goal, SA integrates different methods, processes, and practices into the acquisition and development lifecycle to ensure resulting systems and software components and compositions address software assurance, information assurance, supply chain risk management, and more.

We offer training and capabilities that support the definition, measurement, and management of software risk for complex networked systems, and systems of systems, so that program managers, engineers, developers, testers, and other groups can plan for current and future software acquisition and development, validate and sustain systems and software, and deliver the operational results your organization expects of its software.


  • Software Acquirer
  • Software Developers,
  • Systems Engineers,
  • Software Engineer,
  • Software
  • Systems Assurance Managers.
  • Apply techniques to identify security requirements
  • Identify and address cybersecurity weakness early—in the design phase of the software development lifecycle
  • Recognize gaps in current supply chain risk management
  • Understand and assess new threat modeling methods to apply in a system environment

The program consists of five components delivered at ECF training center by a professional trainer:

  • Software Assurance Methods in Support of Cybersecurity Engineering
  • Security Quality Requirements (SQUARE) Workshop
  • Security Risk Analysis (SERA) Tutorial
  • Supply Chain Risk Management Course
  • Advanced Threat Modeling Course

Benefit of the training: Security Threats Grow as Software Evolves

Today, with the speed at which practices are changing, software development and use can often seem to be as much of an art as they are a science. As software tools become more broadly available, there is greater opportunity to write software, but also to tamper with existing systems. Also, software is now widely shared, and new approaches for reducing the cost of development and increasing the speed of delivery are constantly growing and expanding. As organizations rely on this evolving technology, patterns of operational failure, misuse, and abuse emerge with more frequency from a variety of sources, including from supply chains, as well as from weak internal practices during software acquisition or development. These problems are of especial concern when it comes to the software products that run critical instruction, monitor and manage our money, or control our buildings and transportation, to name just a few examples.

Cases of software misuse occur when attackers find vulnerabilities that make software do what designers and developers did not expect it to. Many organizations have struggled to build effective practices that can discover these unexpected vulnerabilities before attackers do, let alone manage the growing threats stemming from weak acquisition and legacy, as well as from third party or supply chain management (SCRM) practices.

With all these challenges, how can organizations best build their workforce to apply effective cyber security and SCRM practices for development-, acquisition-, and supply chain-related jobs that already exist? What are the best strategies for improving standards, processes, practices, and tools for cybersecurity and supply chain management, and what strategies are best to avoid? Who should establish cybersecurity and SCRM requirements and what should those people know? In each of these areas, how can we measure success and monitor for problems?


Our course begins with the first step for generating great user experiences: understanding what people do, think, say, and feel. In this module, you’ll learn how to keep an open mind while learning.

Total numbers of students in course
Protect your information assets from cyberthreats and assist you in solving your computer security problems.