Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Software Assurances Metrics and Tool Evaluation

Published

Author(s)

Paul E. Black

Abstract

NIST is starting two ambitious projects to (1) develop a taxonomy of software security flaws and vulnerabilities, (2) develop a taxonomy of software assurance (SA) functions and techniques which detect those flaws, (3) perform and maintain a survey of SA tools implementing the functions, (4) develop testable specifications of SA functions and explicit tests, include a standard reference dataset, to evaluate how closely tools implement the functions, and (5) lead efforts to develop metrics for the effectiveness of those functions. The end result is that users will be able to choose a combination of techniques which best suits their needs and will be able to state how much confidence they have in software which has been assessed. This paper details these two projects and presents our justifications and expectations.
Proceedings Title
Proceedings of 2005 International Conference on Software Engineering Research and Practice
Conference Dates
June 27-30, 2005
Conference Location
Las Vegas, NV
Conference Title
International Conference on Software Engineering

Keywords

metrics, reference dataset, security, software assurance

Citation

Black, P. (2005), Software Assurances Metrics and Tool Evaluation, Proceedings of 2005 International Conference on Software Engineering Research and Practice, Las Vegas, NV (Accessed March 3, 2024)
Created June 1, 2005, Updated February 19, 2017