Software assurance

Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at anytime during its life cycle, and that the software functions in the intended manner.

Software-based fault isolation

A method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe programming language (e.g., C) to be executed safely within the single virtual address space of an application. Access to system resource can also be controlled through a unique identifier associated with each domain.

Software cages

As a part of technical safeguards for active content, software cages constrain the mobile code’s behavior (e.g., privileges or functions) during execution. Software cage and quarantine mechanism are part of behavior controls that dynamically intercept and thwart attempts by the subject code to take unacceptable actions that violate a security policy. Mobile code based on predefined signatures (i.e., content inspection) refers to technologies such as dynamic sandbox, dynamic monitors, and behavior monitors, which are used for controlling the behavior of mobile code. Statistics are used to verify the behavioral model.

Software development methodologies

Methodologies for specifying and verifying design programs for system development. Each methodology is written for a specific computer language.

Software enhancement

Significant functional or performance improvements.

Software engineering

The use of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software, that is, the use of engineering principles in the development of software.

Software escrow arrangement

Something (e.g., a document, software source code, or an encryption key) that is delivered to a third person to be given to the grantee only upon the fulfillment of a condition or a contract.

Software library

The controlled collection of configuration items associated with defined baselines: Three libraries can exist: (1) dynamic library used for newly created or modified software elements, (2) controlled library used for managing current baselines and controlling changes to them, and (3) static library used to archive baselines.

Software life cycle

The sequence of events in the development or acquisition of software.

Software maintenance

Activities that modify software to keep it performing satisfactorily.

Software operation

Routine activities that make the software perform without modification.

Software performance engineering

A method for constructing software to meet performance objectives.

Software quality assurance

The planned systematic pattern of all actions necessary to provide adequate confidence that the product or process by which the product is developed conforms to established requirements.

Software reengineering

The examination and alteration of a subject system to reconstitute it in a new form and the subsequent implementation of the new form. Software reengineering consists of reverse engineering followed by some form of forward engineering or modification. One reason to consider reengineering is the possible reduction of software maintenance costs. The goal is to improve the quality of computer systems.

Software release

An updated version of commercial software to correct errors, resolve incompatibilities, or improve performance.

Software reliability

The probability that given software operates for some time period, without system failure due to a software fault, on the machine for which it was designed, given that it is used within design limits.

Software repository

A permanent, archival storage place for software and related documentation.

Software security

Those general-purpose (executive, utility, or software development tools) and application programs and routines that protect data handled by a computer system and its resources.

Source code

A series of statements written in a human-readable computer programming language.

Spam

The abuse of electronic messaging systems to indiscriminately send unsolicited bulk commercial e-mail messages and junk e-mails.

Spam filtering software

A computer program that analyzes e-mails to look for characteristics of spam, and typically places messages that appear to be spam in a separate e-mail folder.

Spamming

Posting identical messages to multiple unrelated newsgroups on the Internet (e.g., USENET). Often used as cheap advertising to promote pyramid schemes or simply to annoy other people.

Spanning port

A switch port that can see all network traffic going through the switch.

Spanning tree

Multicast and broadcast routing is performed using spanning trees, which makes excellent use of bandwidth where each router must know which of its lines belong to the tree. The spanning tree is also used in conducting risk analysis, to build plug-and-play bridges, and to build Internet relay chat (IRC) server network so it routes messages according to a shortest-path algorithm.

Specialized security with limited functionality

An environment encompassing systems with specialized security requirements, in which higher security needs typically result in more limited functionality.

Specification

(1) An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional descriptions, and architectural designs) associated with an information system. (2) A technical description of the desired behavior of a system, as derived from its requirements. (3) A specification is used to develop and test an implementation of a system.

Split domain name system (DNS)

Implementation of split domain name system (DNS) requires a minimum of two physical files (zone files) or views. One file or view should exclusively provide name resolution for hosts located inside the firewall and for hosts outside the firewall. The other file or view should provide name resolution only for hosts located outside the firewall on in the DMZ and not for any hosts inside the firewall. In other words, split DNS requires one physical file for external clients and one physical file for internal clients.

Split knowledge

(1) A process by which a cryptographic key is split into multiple key components, individually sharing no knowledge of the original key, which can be subsequently input into, or output from, a cryptographic module by separate entities and combined to recreate the original cryptographic key. (2) The condition under which two or more parties separately have part of the data, that, when combined, will yield a security parameter or that will allow them to perform some sensitive function. (3) The separation of data into two or more parts, with each part constantly kept under control of separate authorized individuals or teams so that no one individual will be knowledgeable of the total data involved.

Split tunneling

(1) A virtual private network (VPN) client feature that tunnels all communications involving an organization’s internal resources through the VPN, thus protecting them, and excludes all other communications from going through the tunnel. (2) A method that routes organization-specific traffic through the SSL VPN tunnel, but other traffic uses the remote user’s default gateway.