Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday January 03 2017, @01:53AM   Printer-friendly
from the we-usually-blame-the-humans dept.

The National Institute of Standards and Technology (NIST) published a report last month, Safer, Less Vulnerable Software Is the Goal of New NIST Computer Publication:

We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication.

The 60-page document, NIST Interagency Report (NISTIR) 8151: Dramatically Reducing Software Vulnerabilities, is a collection of the newest strategies gathered from across industry and other sources for reducing bugs in software. While the report is officially a response to a request for methods from the White House's Office of Science and Technology Policy, NIST computer scientist Paul E. Black says its contents will help any organization that seeks to author high-quality, low-defect computer code.

"We want coders to know about it," said Black, one of the publication's coauthors. "We concentrated on including novel ideas that they may not have heard about already."

Black and his NIST colleagues compiled these ideas while working with software assurance experts from many private companies in the computer industry as well as several government agencies that generate a good deal of code, including the Department of Defense and NASA. The resulting document reflects their cumulative input and experience.

The report recommends five main approaches as described in lay terms in this infographic.

The report is available at: http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8151.pdf


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Snotnose on Tuesday January 03 2017, @03:17AM

    by Snotnose (1623) on Tuesday January 03 2017, @03:17AM (#448753)

    I've done several projects that were small scope, then got sold with minor changes outside of anything I ever considered when developing the code.

    You pay me $120/hr to develop software according to your specs, I develop the software to your specs. I don't spend an extra hour or three thinking about potential security issues when you resell my code outside of what you contracted me to develop. To be honest, to do so would be dishonest on my part.

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2