Raising the Bar on Software Security Testing

Published

Author(s)

Alden A. Dima, John P. Wack, S A. Wakid

Abstract

This article describes an effort led by NIST and NSA to define and promote an open and commercially driven set of testing methods for software security through the National Information Assurance Partnership (NIAP) (see http://niap.nist.gov). This partnership is open to industry participation and validates conforming implementations using NIST's National Voluntary Laboratory Accreditation Program composed of private testing organizations that use established and well-understood methods. In this article we will describe specific projects at NIST that address validation of software for crypto modules, firewalls, and Java applications. These efforts are an incremental step towards validating security for components of computing devices. We will focus on software because, as we have learned from our Crypto Module Validation Program described below, software implementations can pass our stringent testing criteria, thus introducing significant savings to the users. Further, we will discuss the emerging ISO standard, the Common Criteria, which provides the general methodology for testing systems.
Citation
Raising the Bar on Software Security Testing
Volume
1
Issue
No. 3

Keywords

common criteria, evaluation, firewall, Java, security, validating software

Citation

Dima, A., Wack, J. and Wakid, S. (1999), Raising the Bar on Software Security Testing, Raising the Bar on Software Security Testing (Accessed April 26, 2024)
Created June 1, 1999, Updated February 17, 2017