3.1 The Management Dilemma3.1.1 Background on Assured Systems3.2 Process Models for Software Development and Acquisition3.2.1 CMMI Models in General3.2.2 CMMI for Development (CMMI-DEV)3.2.3 CMMI for Acquisition (CMMI-ACQ)3.2.4 CMMI for Services (CMMI-SVC)3.2.5 CMMI Process Model Uses3.3 Software Security Frameworks, Models, and Roadmaps3.3.1 Building Security In Maturity Model (BSIMM)3.3.2 CMMI Assurance Process Reference Model3.3.3 Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM)3.3.4 DHS SwA Measurement Work3.3.5 Microsoft Security Development Lifecycle (SDL)3.3.6 SEI Framework for Building Assured Systems3.3.7 SEI Research in Relation to the Microsoft SDL3.3.8 CERT Resilience Management Model Resilient Technical Solution Engineering Process Area3.3.9 International Process Research Consortium (IPRC) Roadmap3.3.10 NIST Cyber Security Framework3.3.11 Uses of Software Security Frameworks, Models, and Roadmaps3.4 Summary