The National Institute of Standards and Technology (NIST) published a report last month, Safer, Less Vulnerable Software Is the Goal of New NIST Computer Publication:
We can create software with 100 times fewer vulnerabilities than we do today, according to computer scientists at the National Institute of Standards and Technology (NIST). To get there, they recommend that coders adopt the approaches they have compiled in a new publication.
The 60-page document, NIST Interagency Report (NISTIR) 8151: Dramatically Reducing Software Vulnerabilities, is a collection of the newest strategies gathered from across industry and other sources for reducing bugs in software. While the report is officially a response to a request for methods from the White House's Office of Science and Technology Policy, NIST computer scientist Paul E. Black says its contents will help any organization that seeks to author high-quality, low-defect computer code.
"We want coders to know about it," said Black, one of the publication's coauthors. "We concentrated on including novel ideas that they may not have heard about already."
Black and his NIST colleagues compiled these ideas while working with software assurance experts from many private companies in the computer industry as well as several government agencies that generate a good deal of code, including the Department of Defense and NASA. The resulting document reflects their cumulative input and experience.
The report recommends five main approaches as described in lay terms in this infographic.
The report is available at: http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8151.pdf
(Score: 0, Redundant) by jb on Tuesday January 03 2017, @04:00AM
How does that work?
If, say, the hypothetical software that needed improving had 1 vulnerability, its shiny new replacement with "100 times fewer vulnerabilities" would presumably have -99 vulnerabilities -- how is that even possible?
The only input for which the phrase "100 times fewer vulnerabilities" makes any sense is starting with zero vulnerabilities (in which case, no effort is required to achieve the 100-fold reduction).
Perhaps what they really meant was "one one hundredth as many vulnerabilities" -- an admirable goal, but perhaps better expressed as "99% fewer vulnerabilities"...
Given the importance of accurate mathematics to writing (as near as possible to) bug-free code, they don't seem to have got off to a very good start...
(Score: 0) by Anonymous Coward on Tuesday January 03 2017, @06:02AM
Marketdroid-speak...
Advertisers have to spend one or two minutes full of nonstop verbiage, yet not commit to a thing. Undefined variables are their lifeblood.
100 times fewer vulnerabilities than what? Up to dream performance for only $xxx* ( * other charges may apply ). Order now and we will include another one FREE! Just pay a separate fee.
Three month trial! Try today! Only $19.95 ( What they did not say is the price for the item is $500... the $19.95 was for the trial! ).
Fair and honest bidding site! I-Pod sold for $7.96! ( Did not include the price of bids... ).
Order a bottle of pills and we will send you another bottle FREE! ( They will still charge you for the pills though... but they will send it in the same box ). ( Also, if the ad-head said it would send another bottle, does the second bottle even have any pills in it? ).
Experience has taught me to listen very critically to what an ad-head says. Can't help but look around for the air compressor, as the voluminous expulsions of air leaving those things, along with the frenzied facial expressions, lead me to believe most advertisers are pneumatically driven.