Joe Jarzombek
SIGAda 2007
Joe Jarzombek
image of Joe Jarzombek

Director for Software Assurance,
National Cyber Security Division,
Department of Homeland Security

Serves as Director for Software Assurance in the Policy and Strategic Initiatives Branch of the National Cyber Security Division (NCSD) within the Department of Homeland Security (DHS) to provide the focal point on software integrity issues.

The DHS Software Assurance (SwA) Program is based on the National Strategy to Secure Cyberspace that specifies: "DHS will facilitate a national public-private effort to promulgate best practices and methodologies that promote integrity, security, and reliability in software code development, including processes and procedures that diminish the possibilities of erroneous code, malicious code, or trap doors that could be introduced during development."

As a strategic initiative of the DHS National Cyber Security Division, the SwA Program also guides the SwA Forum and SwA Working Groups under auspices of the Critical Infrastructure Partnership Advisory Council (CIPAC) providing venues for government and the private sector to collaborate in addressing SwA issues associated with: Processes and Practices, Workforce Education and Training, Acquisition and Outsourcing, Technology, Tools and Product Evaluation, Malware Countermeasures, Measurement, and Business Case.

Scoped to address mechanisms to achieve software trustworthiness, predictable execution, and conformance, the DHS SwA Program collaborates with other agencies, industry, and academia to develop, publish and update relevant information via:

  1. "Build Security In" web portal (
  2. SwA Common Body of Knowledge from which to assist curriculum development,
  3. Developers' Guide on Security Enhancing the Software Development Lifecycle,
  4. SwA-related standards of IEEE CS, ISO/IEC, OMG, NIST,
  5. CMM-based Security/Assurance extensions,
  6. Practical Measurement Guidance for SwA and Information Security,
  7. SwA Metrics and Tool Evaluation (with NIST),
  8. Common Weaknesses Enumeration (CWE) dictionary,
  9. Common Attack Pattern Enumeration and Classification,
  10. Due-diligence questionnaires and sample procurement language in "SwA in Acquisition: Mitigating Risks to the Enterprise."

Back to Main Page Back to Main Page
last updated 3 November 2007 - cgr