Software assurance (SwA) may be defined as “the level of confidence that software is free from vulnerabilities, either intentionally
designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.” Since modern
systems are under constant attack, sufficient SwA is vital. In practice, a suite of SwA tools is necessary to help achieve this. However, there are potential
challenges to securely using a suite of SwA tools. Software development environments (SDEs) are increasingly under focused attack, since subverting
software during development can be easier than subverting it after it is deployed. One way to subvert an SDE is to exploit vulnerabilities in the
tools it runs, or to supply it with maliciously subverted tools. The goal of this paper is to help ease the deployment of SwA tools, by countering potential
objections to using them. To achieve this, we discuss how to protect against potential supply chain risks of SwA tools themselves, including how to protect
the SDE in general against supply chain risks and how the mechanisms to counter SwA tool risks fit into the SDE. We show that it is possible to modify
SDE practices to use a wide variety of SwA tools and still manage the inherent risks. Isolation mechanisms can be used, for example, to separate tools from
one another and from the rest of the SDE, and to restrict each tool's access to what its specific task requires. This approach can be automated and may reduce risk in a relatively uncomplicated manner. In particular, the “medium
protection” approach discussed here should be easy to incorporate in existing SDEs. We recommend that organizations fully embrace the use of many SwA
tools when developing software. Where appropriate, they should consider taking the additional steps discussed here if they determine that the risks of using
SwA tools are otherwise too high. Our hope is that this information will lead to the widespread safe use of suites of SwA tools.
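As an added illustration of the two countermeasures the abstract alludes to (guarding against a subverted tool, and confining a tool to what its task needs), the POSIX shell script below verifies an SwA tool binary against a pinned SHA-256 before running it, then runs it with a cleared environment, a CPU-time limit and a working directory confined to the project being scanned. This is example code written for this page, not code from the paper; the function names, the pinned-hash allowlist and the sample "tool" are constructed assumptions, and the hash would in practice come from the vendor's signed release manifest rather than a local file.

```shell
#!/bin/sh
# Added example (not from the paper): pin-and-confine wrapper for running an
# SwA tool inside a development environment.

# Portable SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_tool TOOL EXPECTED_SHA256
# Returns 0 only if the binary on disk matches the pinned hash. A tool that
# has been replaced or tampered with (the "maliciously subverted tool" case)
# fails this check and is never executed.
verify_tool() {
  tool="$1"; expected="$2"
  [ -f "$tool" ] || return 1
  actual=$(sha256_of "$tool")
  [ "$actual" = "$expected" ]
}

# run_isolated TOOL EXPECTED_SHA256 WORKDIR [TOOL ARGS...]
# Runs TOOL only after verification, and only with:
#   - a cleared environment (no inherited tokens, credentials or proxies),
#   - HOME pointed at WORKDIR so dotfiles/caches stay inside the project,
#   - a CPU-time ceiling (ulimit -t) so a runaway tool cannot hang the build,
#   - the current directory confined to WORKDIR.
# Network and filesystem namespaces are deliberately left to the container
# or sandbox the SDE already uses; this wrapper is the part that is the same
# everywhere.
run_isolated() {
  tool="$1"; expected="$2"; workdir="$3"; shift 3
  if ! verify_tool "$tool" "$expected"; then
    echo "refusing to run $tool: hash mismatch or file missing" >&2
    return 2
  fi
  (
    cd "$workdir" || exit 3
    ulimit -t 600
    exec env -i PATH=/usr/bin:/bin HOME="$workdir" "$tool" "$@"
  )
}

# Demonstration with a constructed stand-in for a real scanner.
if [ "${1:-}" = "demo" ]; then
  demo=$(mktemp -d)
  printf '#!/bin/sh\necho "scanning from $HOME with $# args"\n' > "$demo/scan.sh"
  chmod +x "$demo/scan.sh"
  pinned=$(sha256_of "$demo/scan.sh")          # would normally be vendor-supplied
  run_isolated "$demo/scan.sh" "$pinned" "$demo" src/
  run_isolated "$demo/scan.sh" "0000deadbeef" "$demo" src/ || echo "blocked (exit $?)"
  rm -rf "$demo"
fi
```

The hash check stops a substituted tool; the cleared environment and confined working directory limit what a vulnerable but legitimate tool can reach if an attacker feeds it crafted input. Both steps are mechanical, so they belong in the same CI script that invokes the tool, which is what makes the "medium protection" posture easy to retrofit.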