In-absentia presentation to the FAST 2010 audience.
Software assurance, as practiced through the Common Criteria, is a mixture of processes, heuristics, and lessons learned from earlier failures. At the other end of the spectrum, formal methods establish rigorous mathematical properties of portions of code. By itself, neither of these practices scales to software systems with millions or billions of lines of code. We propose a framework that enables many disparate types of information to be collected, analyzed, and applied to the problem of software assurance. Trust relationship modeling enables stakeholders to decompose a system's overall security policies into security obligations throughout the system, and then to reason about the consequences.