The SAMATE Project

Dramatically Reducing Security Vulnerabilities

Overview

The Federal Cybersecurity Research and Development Strategic Plan seeks to fundamentally alter the dynamics of security, reversing adversaries' asymmetrical advantages. Achieving this reversal is the mid-term goal of the plan, which calls for "sustainably secure systems development and operation." Part of the mid-term (3-7 years) goal is "the design and implementation of software, firmware, and hardware that are highly resistant to malicious cyber activities ..." and a reduction in the number of vulnerabilities in software by orders of magnitude. Measures of software play an important role.

This report, DRSV, is part of that effort.

Events

30 November 2016 The final NIST Internal Report NISTIR 8151 Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy is available at doi: 10.6028/NIST.IR.8151 or (direct link) http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8151.pdf.

A NIST press release about the report.

 

The draft NIST Internal Report NISTIR 8151 Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy is available. Comment period ended 18 October 2016.

 

6 October 2016 Draft presented at the Software Productivity, Sustainability, and Quality (SPSQ) Interagency Working Group Workshop on Reducing Software Defects and Vulnerabilities, Arlington, Virginia.

2:45pm Synopsis of NIST workshop on reducing software vulnerabilities, Paul E. Black, NIST

 

14 July 2016 presentations at SSCA, MITRE, McLean, Virginia, USA

0900 Federal Cybersecurity Research and Development Strategic Plan, Tim Polk, White House Office of Science and Technology Policy

0930 Report of the 12 July Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV) workshop, Paul E. Black, NIST, paul.black@nist.gov

0935 The Secure Tool Chain Challenge, Chris Johnson, NIST

0945 Overview of the Current Plan for Dramatically Reducing Software Vulnerabilities report, Barbara Guttman, NIST

1000 Resilience & System Level Security, Lee Badger, NIST

1030 break

1100 A Testing Framework–The Schema–and Additive Software Analysis, Paul E. Black, NIST, paul.black@nist.gov

1130 Formal Methods, including Model-Based Verification and Correct-By-Construction, Richard Doyle, NASA

1200 Program Diversity and Moving Target Defense, Konrad Vesey, MIT/LL

1230 lunch

 

12 July 2016 workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV), NIST, Gaithersburg, Maryland, USA.

 


Cybersecurity National Action Plan (CNAP)

The DRSV web site was created Wed 19 July 2016. Updated Thu Dec 1 16:38:01 EST 2016

This page's URL is https://samate.nist.gov/DRSV2016/.
