Chapter 1. Secure Software Concepts

Designing secure software is based on the application of secure software design principles. These principles will be discussed in this chapter and form the fundamental basis for software assurance. Software assurance has been given many definitions, and it is important to understand the concept. The Software Security Assurance Report[1] defines software assurance as follows: "The basis for gaining justifiable confidence that software will consistently exhibit all properties required to ensure that the software, in operation, will continue to operate dependably despite the presence of sponsored (intentional) faults. In practical terms, such software must be able to resist most attacks, tolerate as many as possible of those attacks it cannot resist, and contain the damage and recover to a normal level of operation as soon as possible after any attacks it is unable to resist or tolerate."

The U.S. Department of Defense (DoD) Software Assurance Initiative[2] defines software assurance as "the level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software."

The Data and Analysis Center for Software (DACS)[3] requires that software exhibit the following three properties to be considered secure:

  • Dependability—Software that executes predictably and operates correctly under a variety of conditions, including when under attack or running on a ...
