
Publications Portal

You searched on: Author: paul black Sorted by: title

Displaying records 1 to 10 of 60 records.


1. A Basic CWE-121 Buffer Overflow Effectiveness Test Suite
Published: 4/1/2013
Authors: Paul E Black, Hsiao-Ming Michael Koo, Thomas F Irish
Abstract: Phase 3 of MITRE's Common Weakness Enumeration (CWE) Compatibility and Effectiveness program allows a customer to understand how effective a software assurance tool is at finding weaknesses and what code complexities it handles. Phase 3 is based on ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913117

2. A Rational Foundation for Software Metrology
Series: NIST Interagency/Internal Report (NISTIR)
Report Number: 8101
Published: 1/20/2016
Authors: David W Flater, Paul E Black, Elizabeth Nee nee Fong, Raghu N Kacker, Vadim Okun, Stephen S Wood, David R Kuhn
Abstract: Much software research and practice involves ostensible measurements of software, yet little progress has been made on an SI-like metrological foundation for those measurements since the work of Gray, Hogan, et al. in 1996-2001. Given a physical ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=919602

3. A Specification-Based Coverage Metric to Evaluate Test Sets
Published: 12/1/2000
Authors: P E Ammann, Paul E Black
Abstract: Software developers use a variety of methods, including both formal methods and testing, to argue that their systems are suitable components for high assurance applications. In this paper, we develop another connection between formal methods and tes ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151676

4. Abstracting Formal Specifications to Generate Software Tests via Model Checking
Published: 10/1/1999
Authors: P E Ammann, Paul E Black
Abstract: A recent method combines model checkers with specification-based mutation analysis to generate test cases from formal software specifications. However high-level software specifications usually must be reduced to make analysis with a model checker f ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151677

5. Building a Test Suite for Web Application Scanners
Published: 1/7/2008
Authors: Elizabeth Nee nee Fong, Romain Gaucher, Vadim Okun, Paul E Black, Eric Dalci
Abstract: This paper describes the design of a test suite for thorough evaluation of web application scanners. Web application scanners are automated, black-box testing tools that examine web applications for security vulnerabilities. For several common vulner ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51244

6. Comparison of Fault Classes in Specification-Based Testing
Published: 6/1/2004
Authors: Vadim Okun, Paul E Black, Y Yesha
Abstract: Our results extending Kuhn's fault class hierarchy provide a justification for the focus of fault-based testing strategies on detecting particular faults and ignoring others. We develop a novel analytical technique that allows us to elegantly prove ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150489

7. Counting Bugs is Harder Than You Think
Published: 10/20/2011
Author: Paul E Black
Abstract: Software Assurance Metrics And Tool Evaluation (SAMATE) is a broad, inclusive project at the U.S. National Institute of Standards and Technology (NIST) with the goal of improving software assurance by developing materials, specifications, and methods ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=908871

8. Cyber Security Metrics and Measures
Published: 3/2/2009
Authors: Paul E Black, Karen Ann Scarfone, Murugiah P Souppaya
Abstract: Metrics are tools to facilitate decision making and improve performance and accountability. Measures are quantifiable, observable, and objective data supporting metrics. Operators can use metrics to apply corrective actions and improve performance. R ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51292

9. Dictionary of Algorithms and Data Structures
Published: 10/1/1998
Author: Paul E Black
Abstract: The National Software Reference Library (NSRL) of the U.S. National Institute of Standards and Technology (NIST) collects software from various sources and publishes file profiles computed from this software (such as MD5 and SHA-1 hashes) as a Refer ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=150356

10. Effect of Static Analysis Tools on Software Security: Preliminary Investigation
Published: 10/29/2007
Authors: Vadim Okun, William F Guthrie, Romain Gaucher, Paul E Black
Abstract: Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by vulner ...
http://www.nist.gov/manuscript-publication-search.cfm?pub_id=51237



Special Publications:

Looking for a NIST Special Publication (NIST SP Series)? Place the series number and dash in the report number field (Example: 800-) and begin your search.

  • SP 250-XX: Calibration Services
  • SP 260-XX: Standard Reference Materials
  • SP 300-XX: Precision Measurement and Calibration
  • SP 400-XX: Semiconductor Measurement Technology
  • SP 480-XX: Law Enforcement Technology
  • SP 500-XX: Computer Systems Technology
  • SP 700-XX: Industrial Measurement Series
  • SP 800-XX: Computer Security Series
  • SP 823-XX: Integrated Services Digital Network Series