NIST logo
*
Bookmark and Share

Combinatorial Methods for Software

Summary:

Most security vulnerabilities arise from flaws in software implementation, and are difficult to discover because they are often triggered by rarely used parts of the code. Exhaustive testing is impossible for real-world software so high assurance software is tested using methods that require extensive staff time and thus have enormous cost. Most unit and system testing only verifies the existence of functionality, so it does not exercise rare conditions that trigger security vulnerabilities.

Description:

Reduction in the cost of security testing for US software industry.

Lead Organizational Unit:

ITL
Contact

Richard D. Kuhn
(301) 975-3337
richard. kuhn@nist.gov

100 Bureau Drive
M/S 8930
Gaithersburg, MD  20899-8930