Raising the Bar on Software Security Testing



Alden A. Dima, John P. Wack, S A. Wakid


This article describes an effort led by NIST and NSA to define and promote an open and commercially driven set of testing methods for software security through the National Information Assurance Partnership (NIAP) (see This partnership is open to industry participation and validates conforming implementations using NIST's National Voluntary Laboratory Accreditation Program, composed of private testing organizations that use established and well-understood methods. In this article we describe specific projects at NIST that address validation of software for crypto modules, firewalls, and Java applications. These efforts are an incremental step towards validating security for components of computing devices. We focus on software because, as we have learned from our Crypto Module Validation Program described below, software implementations can pass our stringent testing criteria, thus introducing significant savings to the users. Further, we discuss the emerging ISO standard, the Common Criteria, which provides the general methodology for testing systems.
Raising the Bar on Software Security Testing
No. 3


common criteria, evaluation, firewall, Java, security, validating software


Dima, A., Wack, J. and Wakid, S. (1999), Raising the Bar on Software Security Testing, Raising the Bar on Software Security Testing (Accessed April 24, 2024)
Created June 1, 1999, Updated February 17, 2017