Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Report of workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)

Author(s)

Paul E. Black

Abstract

The workshop occurred on 12 July 2016 at National Institute of Standards and Technology (NIST). The workshop's object was software as a product. 20 position statements were submitted; 10 were accepted. Over 90 people attended, primarily dealing with the Federal Government. During a break-out, attendees considered how the Government can best use taxpayer money to identify, improve, package, deliver, or boost the use of software measures and metrics to significantly reduce vulnerabilities. Some ideas that came up were *code should be amenable to automatic analysis, *tool output should be standardized, *there should be boilerplate contract and procurement language, *findings about tools and libraries should be shared, *there should be business cases for secure software, *software developers should have some liability, and *programmers need to understand security.
Citation
Dramatically Reducing Security Vulnerabilities

Keywords

software assurance, Software Measures and Metrics to Reduce Security Vulnerabilities, SwMM-RSV

Citation

Black, P. (1970), Report of workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV), Dramatically Reducing Security Vulnerabilities, [online], https://samate.nist.gov/DRSV2016/ (Accessed December 30, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created May 7, 2017, Updated May 4, 2021