Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

An Analysis Framework and Additive Software Analysis

Author(s)

Paul E. Black

Abstract

We present a framework for software assurance, in addition to an additive software analysis approach. Both have the potential to dramatically reduce software vulnerabilities within the next seven years. The framework (1) aggregates tool outputs, (2) allows software assurance checkers to interoperate, and (3) passes program information between tools. The framework allows modular and distributed development of tool capabilities, promotes synergy between groups, and enables the development of hybrid tools. The framework requires documentary standards of the information passed, such as, code location, visible variables and their values, data and control flows, assertions and invariants, function signatures, and code weaknesses. Additive software analysis uses the framework to gather information, compare and confirm tool results, and enable one module to build on the capabilities of other modules.
Citation
Dramatically Reducing Security Vulnerabilities

Keywords

software assurance

Citation

Black, P. (1970), An Analysis Framework and Additive Software Analysis, Dramatically Reducing Security Vulnerabilities, [online], https://samate.nist.gov/DRSV2016/ (Accessed April 16, 2024)
Created May 7, 2017, Updated February 19, 2017