
Algorithms and Data Structures for New Models of Computation

February 1, 2021
Author(s)
Paul Black, David W. Flater, Irena Bojanova
In the early days of computer science, the community settled on a simple standard model of computing and a basic canon of general purpose algorithms and data structures suited to that model. With isochronous computing, heterogeneous multiprocessors, flash

Anteater: Interactive Visualization for Program Understanding

September 24, 2020
Author(s)
Rebecca Faust, Katherine Isaacs, William Z. Bernstein, Michael Sharp, Carlos Scheidegger
Debugging is famously one of the hardest parts of programming. In this paper, we tackle the question: what does a debugging environment look like when we take interactive visualization as a central design principle? We introduce Anteater, an interactive

Vulnerability trends in web servers and browsers

September 21, 2020
Author(s)
M S Raunak, David Kuhn, Richard Kogut, Raghu Kacker
In previous work we have looked at trends in vulnerabilities due to ordinary programming errors [2, 3]. This analysis focuses on two of the most widely used types of software in today's internet, web browsers and web servers. In addition to reports of

SATE VI Ockham Sound Analysis Criteria

May 19, 2020
Author(s)
Paul E. Black, Kanwardeep S. Walia
Static analyzers examine the source or executable code of programs to find problems. Many static analyzers use heuristics or approximations to examine programs with millions of lines of code for hundreds of classes of problems. The Ockham Sound Analysis

Quantities and Units for Software Product Measurements

March 10, 2020
Author(s)
David W. Flater
International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 80000, the International System of Quantities, collects and organizes the most important physical quantities into a coherent system. In a similar fashion

Opaque Wrappers and Patching: Negative Results

November 21, 2019
Author(s)
Paul E. Black, Monika Singh
When a patch is released for buggy software, bad actors may be able to analyze the patch and create an attack on unpatched machines. A wrapper could block attacking inputs, but it, too, gives attackers critical information. An opaque wrapper hides such

Formal Methods for Statistical Software

October 4, 2019
Author(s)
Paul E. Black
"Statistical software" encompasses several distinct classes of software. This report explains what formal methods, tools, and approaches may be able to increase assurance of results of using statistical software and implementing differential privacy. To

Improving MC/DC and Fault Detection Strength Using Combinatorial Testing

July 25, 2019
Author(s)
D. Richard Kuhn, Raghu N. Kacker
Software, in many different fields and tasks, has played a critical role and even replaced humans to improve efficiency and safety. However, catastrophic consequences can be caused by implementation bugs and design defects. MC/DC (Modified Condition

Information Exposure (IEX): A New Class in the Bugs Framework (BF)

July 9, 2019
Author(s)
Irena Bojanova, Yaacov Yesha, Paul E. Black, Yan Wu
Exposure of sensitive information can be harmful on its own and in addition could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security

Building Open Access to Research (OAR) data infrastructure at NIST

July 8, 2019
Author(s)
Gretchen R. Greene
At the National Institute of Standards and Technology (NIST), a National Metrology Institute (NMI), scientists, engineers and technology experts conduct research across a full spectrum of physical science domains. This is performed as a public service within

SATE V Report: Ten Years of Static Analysis Tool Expositions

October 23, 2018
Author(s)
Aurelien M. Delaitre, Bertrand C. Stivalet, Paul E. Black, Vadim Okun, Terry S. Cohen, Athos Ribeiro
Software assurance has been the focus of the National Institute of Standards and Technology (NIST) Software Assurance Metrics and Tool Evaluation (SAMATE) team for many years. The Static Analysis Tool Exposition (SATE) is one of the team's prominent

MCDC-Star: An Open-source MC/DC Measurement Tool

September 22, 2018
Author(s)
Raghu N. Kacker, David R. Kuhn, Eric Wong
Applying MC/DC criterion to real-world projects can be expensive due to not only the cost of commercial tools, but also the difficulty of generating test cases to achieve high coverage. To lower the expense from both aspects, this paper presents an easy-to

Juliet 1.3 Test Suite: Changes From 1.2

June 14, 2018
Author(s)
Paul E. Black
The Juliet test suite is a systematic set of thousands of small test programs in C/C++ and Java exhibiting over 100 classes of errors, such as buffer overflow, OS injection, hardcoded password, absolute path traversal, NULL pointer dereference, uncaught

Protecting Software Integrity Through Code Signing

May 23, 2018
Author(s)
David A. Cooper, Leonard Feldman, Gregory A. Witte
This bulletin summarizes the information found in the white paper Security Considerations for Code Signing, which describes features and architectural relationships of typical code signing solutions that are widely deployed today. The paper also defines

Mobile Application Security Exercise (MASE): Final Report

May 22, 2018
Author(s)
Michael A. Ogata
Mobile applications have become an integral part in the mission of the federal government and public safety. There exist many techniques that seek to assure these applications are free from software bugs and vulnerabilities. However, a unified list of

The Text Recognition Algorithm Independent Evaluation (TRAIT)

December 15, 2017
Author(s)
Afzal A. Godil, Patrick J. Grother, Mei L. Ngan
The report describes and presents the results of the Text Recognition Algorithm Independent Evaluation (TRAIT), a text detection and recognition evaluation in support of forensic investigations of digital media. These images are of interest to NIST's partner law enforcement agencies that seek to employ text

Improving Software Assurance through Static Analysis Tool Expositions

October 31, 2017
Author(s)
Terry S. Cohen, Damien J. Cupif, Aurelien M. Delaitre, Charles Daniel De Oliveira, Elizabeth N. Fong, Vadim Okun
Multiple techniques and tools prove effective for software assurance. One technique that has grown in acceptance since the early 2000s is static analysis, which examines software for weaknesses without executing it. The National Institute of Standards and

SARD: Thousands of Reference Programs for Software Assurance

October 31, 2017
Author(s)
Paul E. Black
A corpus of computer programs with known bugs is useful in determining the ability of tools to find bugs. This article describes the content of NIST's Software Assurance Reference Dataset (SARD), which is a publicly available collection of thousands of

NSRL Kaspersky dataset documentation

October 23, 2017
Author(s)
Alexander J. Nelson
The National Institute of Standards and Technology (NIST) National Software Reference Library (NSRL) has created curated releases of the Reference Data Set (RDS) consisting of hashes of Kaspersky products. This is in response to the DHS directive on

Alexa, Can I Trust You?

September 29, 2017
Author(s)
Judy Chung, Michaela Iorga, Jeff Voas, Sangjin Lee
Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVA); such diagnostics offer the possibility of more secure IVA ecosystems. This paper explores security and privacy concerns with these