Date Published: October 2016
Comments Due:
Email Questions to:
Author(s)
Paul Black (NIST), Mark Badger (NIST), Barbara Guttman (NIST), Elizabeth Fong (NIST)
Announcement
NIST invites comments on Draft NIST Internal Report (NISTIR) 8151, Dramatically Reducing Software Vulnerabilities -- Report to the White House Office of Science and Technology Policy. The call for a dramatic reduction in software vulnerability is heard from numerous sources, recently from the February 2016 Federal Cybersecurity Research and Development Strategic Plan. The plan defines goals for reducing vulnerabilities in the near, mid and long term. This report addresses the first mid-term goal.
The call for a dramatic reduction in software vulnerability is heard from multiple sources, recently from the February 2016 Federal Cybersecurity Research and Development Strategic Plan. This plan starts by describing well known risks: current systems perform increasingly vital tasks and are widely known to possess vulnerabilities. These vulnerabilities are often easy to discover and difficult to correct. Cybersecurity has not kept pace and the pace that is needed is rapidly accelerating. The goal of this report is to present a list of specific approaches that have the potential to make a dramatic difference in reducing vulnerabilities – by stopping them before they occur, by finding them before they are exploited or by reducing their impact.
Keywords
metrics; software assurance; security vulnerabilities; Measurement; reduce software vulnerability
Control Families
None selected