Report of workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)
Paul E. Black
The workshop occurred on 12 July 2016 at the National Institute of Standards and Technology (NIST). The workshop's object was software as a product. 20 position statements were submitted; 10 were accepted. Over 90 people attended, primarily dealing with the Federal Government. During a break-out, attendees considered how the Government can best use taxpayer money to identify, improve, package, deliver, or boost the use of software measures and metrics to significantly reduce vulnerabilities. Some ideas that came up were:
* code should be amenable to automatic analysis,
* tool output should be standardized,
* there should be boilerplate contract and procurement language,
* findings about tools and libraries should be shared,
* there should be business cases for secure software,
* software developers should have some liability, and
* programmers need to understand security.
Report of workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV), Dramatically Reducing Security Vulnerabilities, [online], https://samate.nist.gov/DRSV2016/
(Accessed December 5, 2023)