Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
Bookmark and Share

Combinatorial Methods for Software


Most security vulnerabilities arise from flaws in software implementation, and are difficult to discover because they are often triggered by rarely used parts of the code. Exhaustive testing is impossible for real-world software so high assurance software is tested using methods that require extensive staff time and thus have enormous cost. Most unit and system testing only verifies the existence of functionality, so it does not exercise rare conditions that trigger security vulnerabilities.


Reduction in the cost of security testing for US software industry.

Lead Organizational Unit:


Richard D. Kuhn
(301) 975-3337
richard. kuhn@nist.gov

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930