The security and integrity of information systems have become a critical issue within most types of organizations, and finding better ways to address the topic has become the objective of many in industry, academia, and government. One of the more effective approaches gaining popularity in addressing these issues is the use of standard knowledge representations, enumerations, exchange formats, and languages, as well as the sharing of standard approaches to key compliance and conformance mandates. Leveraging these sorts of standards helps answer today's increased demands for accountability, efficiency, and interoperability without artificially constraining options for technologies, solutions, or vendors with respect to the interfaces and data representations they use internally and for external interaction with operational, development, and sustainment tools and processes. A large number of security measurement and management activities and initiatives are being pursued by a variety of groups, including public standards groups, industry associations, academia, and government. This presentation will describe a cross-section of this software security landscape and explore how many of these efforts are actually mutually supportive, well aligned, and complementary. Together these efforts compose major segments of a comprehensive approach to economically addressing the software development, systems operation, and accreditation/reporting needs of today's corporations, governments, and economies. The security, integrity, and trustworthiness of the information technology capabilities of our society's critical infrastructure and commerce capabilities are totally dependent on software, networks, and information. Improving the security and manageability of these elements will be beneficial to all.