SoylentNews is people

posted by janrinok on Tuesday January 03 2017, @01:53AM
from the we-usually-blame-the-humans dept.

The National Institute of Standards and Technology (NIST) published a report last month, "Safer, Less Vulnerable Software Is the Goal of New NIST Computer Publication":

We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication.

The 60-page document, NIST Interagency Report (NISTIR) 8151: Dramatically Reducing Software Vulnerabilities, is a collection of the newest strategies gathered from across industry and other sources for reducing bugs in software. While the report is officially a response to a request for methods from the White House's Office of Science and Technology Policy, NIST computer scientist Paul E. Black says its contents will help any organization that seeks to author high-quality, low-defect computer code.

"We want coders to know about it," said Black, one of the publication's coauthors. "We concentrated on including novel ideas that they may not have heard about already."

Black and his NIST colleagues compiled these ideas while working with software assurance experts from many private companies in the computer industry as well as several government agencies that generate a good deal of code, including the Department of Defense and NASA. The resulting document reflects their cumulative input and experience.

The report recommends five main approaches as described in lay terms in this infographic.

The report is available at: http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8151.pdf


  • (Score: 2) by tibman (134) on Tuesday January 03 2017, @09:15PM (#449071)

    I disagree on automated tests stopping good developers from doing useful work. With automated tests you can refactor code or modify existing features and quickly verify that the existing functionality is intact. I've also found them extremely useful when recreating and resolving bugs and edge cases. I can just write a test that proves the issue exists and then modify the production code to pass the test and resolve the issue. With that test in place another developer can't come along and re-introduce the same issue.

    You say that "No one can verify software except an able programmer." As an "able programmer", write the tests that verify your software. Now it is automated for you. Most programmers automate the tedious manual tasks they are asked to do.

    --
    SN won't survive on lurkers alone. Write comments.