The Software Assurance Tips contain fully unclassified, publicly released musings of an Army Software Assurance team. While issues are shared with the team, we sometimes encounter tips and tricks that are better to share with the community. The contents of these tips are the opinions of their respective authors and should not be interpreted as an official policy of any organization.
Only the 10 most recent articles are displayed here and in the RSS feed. For a complete archive, visit the Articles Archive.
- 20260126 - Unsafe at Any Speed: The Designed-In Dangers of DevSecOps
- 20250707 - The -Wall GCC Flag and CWE-457: Why -Wall Does Not Offer Sufficient Protection Against Uninitialized Variables
- 20250512 - Leaking Through the Cracks: Rust's Soft Memory Shell
- 20250127 - Defensive Development Plans
- 20241118 - Fuzzy Coverage
- 20240902 - Back to the Building Blocks: Codifying Complacency
- 20240610 - The Zero Trust Paradox: Second Guessing the Good Guys
- 20240527 - Sorry Root, You're Not the Boss of Me!
- 20240212 - Assess Only v. Assess and Authorize
- 20230918 - A History of Verification, Validation, and Code Scanning
Website Source Code
The source code for this website is released to the public domain under the CC-0 license. The article content is released under the CC-BY license. Source and article contents can be obtained from the GitHub repository.