Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Raising the Bar on Software Security Testing

Published

Author(s)

Alden A. Dima, John P. Wack, S A. Wakid

Abstract

This article describes an effort lead by NIST and NSA to define and promote an open and commercially driven set of testing methods for software security through the National Information Assurance Partnership (NIAP) (see http://niap.nist.gov). This partnership is open to industry participation and validates conforming implementations using NIST s National Voluntary Laboratory Accreditation Program composed of private testing organizations that use established and well-understood methods. In this article we will describe specific projects at NIST that address validation of software for crypto modules, firewalls, and the Java applications. These efforts are an incremental step towards validating security for components of computing devices. We will focus on software because, as we have learned from our Crypto Module Validation Program described below, software implementations can pass our stringent testing criteria, thus introducing significant savings to the users. Further, we will discuss the emerging ISO standard, the Common Criteria, which provides the general methodology for testing systems.
Citation
Raising the Bar on Software Security Testing
Volume
1
Issue
No. 3

Keywords

common criteria, evaluation, firewall, Java, security, validating software

Citation

Dima, A. , Wack, J. and Wakid, S. (1999), Raising the Bar on Software Security Testing, Raising the Bar on Software Security Testing (Accessed April 24, 2024)
Created June 1, 1999, Updated February 17, 2017