Black, P.
(2005),
Software Assurances Metrics and Tool Evaluation, Proceedings of 2005 International Conference on Software Engineering Research and Practice, Las Vegas, NV
(Accessed October 2, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Software Assurances Metrics and Tool Evaluation
Published
Author(s)
Abstract
NIST is starting two ambitious projects to (1) develop a taxonomy of software security flaws and vulnerabilities, (2) develop a taxonomy of software assurance (SA) functions and techniques which detect those flaws, (3) perform and maintain a survey of SA tools implementing the functions, (4) develop testable specifications of SA functions and explicit tests, include a standard reference dataset, to evaluate how closely tools implement the functions, and (5) lead efforts to develop metrics for the effectiveness of those functions. The end result is that users will be able to choose a combination of techniques which best suits their needs and will be able to state how much confidence they have in software which has been assessed. This paper details these two projects and presents our justifications and expectations.Proceedings Title
Proceedings of 2005 International Conference on Software Engineering Research and Practice
Conference Dates
June 27-30, 2005
Conference Location
Las Vegas, NV
Conference Title
International Conference on Software Engineering
Pub Type
Conferences
Keywords
metrics, reference dataset, security, software assurance
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created June 1, 2005, Updated February 19, 2017