Opinions of the Software and Supply Chain Assurance Forum on Education, Training, and Certifications

This article provides an overview of discussions held at the Software and Supply Chain Assurance (SSCA) forum held May 1-2, 2018, in McLean, Virginia. The two-day event focused on education and training for software assurance (SwA) and Cyber-Supply Chain Risk Management (C-SCRM). Attendees discussed questions such as “What are some challenges facing industry, academia, and government organizations in this area?” “Who needs education or training?” “What needs to be taught?” and “What strategies do or do not work?” Discussions related to the current environment, hiring and retaining qualified employees, defining roles and responsibilities, and the knowledge, skills, and abilities (KSAs) that are most in-demand.

Airborne Software Development Processes Certification Review Strategy based on RTCA/DO-178C

functionality for aircraft. Highly complex software, however, cannot be exhaustively tested and only assured through a structured, process, activity, and objective-based approach. This paper studied the development processes and objectives applicable to different software levels based on RTCA/DO-178C, and identified 82 technical focus points based on each airborne software development sub-process, then created a Process Technology Coverage matrix to demonstrate the technical focuses of each process. This paper proposes an objective-oriented top-down and bottom-up sampling strategy for the four software Stage of Involvement reviews by considering the frequency and depth of involvement. Finally, this paper provides a Technology Objective Coverage matrix, which can support the reviewers to perform the efficient risk-based SOI reviews by considering the identified technical points, thus efficiently achieving confidence in the level of safety of the aircraft from the software assurance perspective.

Application of Seq2Seq Models on Code Correction

We apply various seq2seq models on programming language correction tasks on Juliet Test Suite for C/C++ and Java of Software Assurance Reference Datasets and achieve 75% (for C/C++) and 56% (for Java) repair rates on these tasks. We introduce pyramid encoder in these seq2seq models, which significantly increases the computational efficiency and memory efficiency, while achieving similar repair rate to their nonpyramid counterparts. We successfully carry out error type classification task on ITC benchmark examples (with only 685 code instances) using transfer learning with models pretrained on Juliet Test Suite, pointing out a novel way of processing small programming language datasets.