OMG pushes standards for verifying software security

16.12.2005

Having a process for enabling security verification is becoming important because of the increasing complexity of software systems, their growing interconnectedness and the globalization of software developers, Campara said.

Government systems that are used for national security purposes already need to go through a Common Criteria Certification process to determine whether they meet security requirements. OMG's framework -- which still has to go through a long approval process -- will give another option to agencies that are not mandated to use the Common Criteria process, Jarzombek said.

In addition, a systems and software assurance standard that's being finalized by the International Standards Organization (ISO/IEC 15026) will also give government agencies a standard they can use for assessing software security sometime next year, he said. The ISO standard is focused on the management of risk and assurance of safety, security and dependability of systems and software, he added.