Abstract: A system and method for automation and managing of security requirements and software supply chain in a software development lifecycle in a service-oriented architecture. Shared components can be used in the implementation of multiple software applications and each component has a functionality in the application and a set of controls for its implementation. A requirements library provides a list task requirements for each application which are applicable to the software application based on application context which is adjusted based on the controls required for implementation or controls addressed by the component. The shared components in the component library can be pre-authorized for use and applied to various software projects and applications with tracking, versioning, and dependency management.

Abstract: A system and method for security risk identification in a secure software lifecycle. A knowledge database has a plurality of security elements which are identified for a particular software application depending on software environment and prioritized in a task list. Code vulnerabilities are identified using code scanners, with security requirements updated based on identified vulnerabilities, lack of vulnerabilities for weaknesses covered by a code scanner, potential weaknesses not adequately covered by code scanners, and software environment changes.

Abstract: An electronic just-in-time learning and training system that is integrated into a user workflow to provide users with the knowledge they require to complete the tasks in the workflow and to provide meaningful and impactful training to users or advancement along a learning or training path. User tasks are matched to training modules in a training database to assist with completion of a task while a user profile tracks user training to deliver the most appropriate training modules. The system tracks completion of training modules to guide the user with training and advancement and to offer the user opportunities for additional certification and learning.

Abstract: A system and method for automation of task identification and control in a software lifecycle. Software context for a software asset is extracted from context repositories of the software asset during software development and operation, the extracted context data is matched to relevant tasks in a knowledge database to select tasks for the software asset, and task prioritization and orchestration are presented in a prioritized task list during a software lifecycle.

Abstract: A system and method for security risk identification in a secure software lifecycle. A knowledge database has a plurality of security elements which are identified for a particular software application depending on software environment and prioritized in a task list. Code vulnerabilities are identified using code scanners, with security requirements updated based on identified vulnerabilities, lack of vulnerabilities for weaknesses covered by a code scanner, potential weaknesses not adequately covered by code scanners, and software environment changes. The system identifies a security requirement that has passed the test of the code scanner, identifies the strength of the code scanner to discover a particular code vulnerability associated with the security requirement, and updates the security requirement to indicate a verified compliance state.

Abstract: A system and method for automation and managing of security requirements and software supply chain in a software development lifecycle in a service-oriented architecture. Shared components can be used in the implementation of multiple software applications and each component has a functionality in the application and a set of controls for its implementation. A requirements library provides a list task requirements for each application which are applicable to the software application based on application context which is adjusted based on the controls required for implementation or controls addressed by the component. The shared components in the component library can be pre-authorized for use and applied to various software projects and applications with tracking, versioning, and dependency management.

Abstract: A system and method for automation of task identification and control in a software lifecycle. Software context for a software asset is extracted from context repositories of the software asset during software development and operation, the extracted context data is matched to relevant tasks in a knowledge database to select tasks for the software asset, and task prioritization and orchestration are presented in a prioritized task list during a software lifecycle.

Abstract: A system and method for automation of task identification and control in a software lifecycle. Software context for a software asset is extracted from context repositories of the software asset during software development and operation, the extracted context data is matched to relevant tasks in a knowledge database to select tasks for the software asset, and task prioritization and orchestration are presented in a prioritized task list during a software lifecycle.

Abstract: An electronic just-in-time learning and training system that is integrated into a user workflow to provide users with the knowledge they require to complete the tasks in the workflow and to provide meaningful and impactful training to users or advancement along a learning or training path. User tasks are matched to training modules in a training database to assist with completion of a task while a user profile tracks user training to deliver the most appropriate training modules. The system tracks completion of training modules to guide the user with training and advancement and to offer the user opportunities for additional certification and learning.

Abstract: An organization framework system and method for compliance with non-functional requirements is described. The system has a regulatory standards database with a plurality of regulatory standards, each regulatory standard comprising a set of regulatory non-functional requirements, an organization standards database with a plurality of organization standards, each organization standard comprising a set of organization non-functional requirements, and an organization framework comprising a master set of regulatory non-functional requirements and organization non-functional requirements.

Abstract: A system and method for security risk identification in a secure software lifecycle. A knowledge database has a plurality of security elements which are identified for a particular software application depending on software environment and prioritized in a task list. Code vulnerabilities are identified using code scanners, with security requirements updated based on identified vulnerabilities, lack of vulnerabilities for weaknesses covered by a code scanner, potential weaknesses not adequately covered by code scanners, and software environment changes. The system identifies a security requirement that has passed the test of the code scanner, identifies the strength of the code scanner to discover a particular code vulnerability associated with the security requirement, and updates the security requirement to indicate a verified compliance state.

Abstract: A system and method for security risk identification in a secure software lifecycle. A knowledge database has a plurality of security elements which are identified for a particular software application depending on software environment and prioritized in a task list. Code vulnerabilities are identified using code scanners, with security requirements updated based on identified vulnerabilities, lack of vulnerabilities for weaknesses covered by a code scanner, potential weaknesses not adequately covered by code scanners, and software environment changes.

Abstract: A system and method for security risk identification in a secure software lifecycle. A knowledge database has a plurality of security elements which are identified for a particular software application depending on software environment and prioritized in a task list. Code vulnerabilities are identified using code scanners, with security requirements updated based on identified vulnerabilities, lack of vulnerabilities for weaknesses covered by a code scanner, potential weaknesses not adequately covered by code scanners, and software environment changes.

Abstract: A system and method for automation of task identification and control in a software lifecycle. Software context for a software asset is extracted from context repositories of the software asset during software development and operation, the extracted context data is matched to relevant tasks in a knowledge database to select tasks for the software asset, and task prioritization and orchestration are presented in a prioritized task list during a software lifecycle.

Abstract: A system and method for security risk identification in a secure software lifecycle. A knowledge database has a plurality of security elements which are identified for a particular software application depending on software environment and prioritized in a task list. Code vulnerabilities are identified using code scanners, with security requirements updated based on identified vulnerabilities, lack of vulnerabilities for weaknesses covered by a code scanner, potential weaknesses not adequately covered by code scanners, and software environment changes.

Abstract: This invention relates to a method and system of providing security guidance in writing software applications. More particularly this invention relates to accessing guidance application linked to a computer and a data base of security features to present a user with suggestive security content in writing software applications. The invention also relates to a non-transitory computer program for use on the computer in writing the software applications.