Software Assurance Ecosystems

The Software Assurance and Modernization Ecosystem is an open-standards-based, plug-and-play environment for automated vulnerability testing tools and services.

The Software Assurance Ecosystem brings together three separate communities:

  • The formal methods community, which creates machine-readable software assurance content that can drive source code analysis tools
  • The reverse engineering community, which has extensive expertise in delivering software analytics for large, diverse enterprise software systems
  • The source code analysis community, which provides capabilities for automatic static analysis of software

The foundation of the Software Assurance and Modernization Ecosystem is the Knowledge Discovery Metamodel (KDM) specification, a standard language-independent and vendor-neutral representation of existing software systems. The Knowledge Discovery Metamodel allows interoperability between automated vulnerability testing tools. The KDM specification was developed by the Object Management Group.

While the "KDM Ecosystem" is a broad community of tools, components and services built on the foundation of a shared ontology and offering knowledge-based integration, the Software Assurance Ecosystem leverages the semantic integration of source code analysis tools offered by the Knowledge Discovery Metamodel. It uses this common ontology as a foundation for developing reusable, machine-readable content for software assurance.

Common reusable content for software assurance is developed using another standard from the Object Management Group (OMG), the Semantics of Business Vocabulary and Business Rules (SBVR). SBVR and KDM are designed as two parts of a single OMG technology stack for software analytics related to existing software systems.