NIST logo
Bookmark and Share

Combinatorial Methods for Software


Most security vulnerabilities arise from flaws in software implementation, and are difficult to discover because they are often triggered by rarely used parts of the code. Exhaustive testing is impossible for real-world software so high assurance software is tested using methods that require extensive staff time and thus have enormous cost. Most unit and system testing only verifies the existence of functionality, so it does not exercise rare conditions that trigger security vulnerabilities.


Reduction in the cost of security testing for US software industry.

Lead Organizational Unit:


Richard D. Kuhn
(301) 975-3337

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930