NIST Offers Improved Software Testing

  /     /     /  
Publicated : 23/11/2024   Category : security


NIST Offers Improved Software Testing


Combinatorial testing is a software testing method that the National Institute of Science and Technology (NIST) likes a lot.



Combinatorial testing is a method for more effective software testing that the National Institute of Science and Technology (NIST) likes a lot.
They ran studies from 1999 to 2004 showing that most software bugs and failures are caused by one or two parameters of input, with progressively fewer by three or more.
They call this the interaction rule, and it is a roadmap for more efficient testing than those given with conventional methods. NIST says that it has multiple studies showing fault detection results equal to exhaustive testing with a 20X to 700X reduction in test set size.
The software industry often spends seven to 20 times as much money rendering safety-critical software reliable as it does on more conventional code, so improvements in testing have been called for by designers.
This is
not
fuzzing, as the term is commonly used in software development. Fuzzing (or fuzz testing) is an software testing technique using invalid, unexpected, or random data as inputs to a program. The program is then monitored for faults such as crashes, failing built-in code assertions, or potential memory leaks. The NIST approach uses normal and valid ranges of inputs for its testing and observation.
Fuzzing checks for what happens when input goes out of bounds and is unsanitary, while NIST techniques check for what happens when a programs inputs are within norms but changing relative to other inputs.
Anyway, NIST announced the first revision since 2015 of its Automated Combinatorial Testing for Software, or
ACTS
.
Researchers from the University of Texas at Arlington, Adobe Systems Inc. and Austrias SBA Research announced at last weeks IEEE International Conference on Software Testing, Verification and Validation in China that they had updated a version of Combinatorial Coverage Measurement (CCM) to include extensions to it by SBA Research.
NISTs internal tools were able to handle software that had a few hundred input variables, but SBA Research developed another new tool that can examine software that has up to 2,000. This increase can generate a test suite for up to five-way combinations of input variables.
The two tools can be used in a complementary fashion: While the NIST software can measure the coverage of input combinations, the SBA algorithm can extend coverage to thousands of variables. While the SBA Research algorithm is not an official part of the ACTS test suite, the team says that it has plans to bundle it with ACTS in the future.
NIST will make the algorithm available to any developer who requests it.
Before we revised CCM, it was difficult to test software that handled thousands of variables thoroughly, NIST mathematician Raghu Kacker said in a statement. That limitation is a problem for complex modern software of the sort that is used in passenger airliners and nuclear power plants, because its not just highly configurable, its also life critical. Peoples lives and health are depending on it.
— Larry Loeb has written for many of the last centurys major dead tree computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
NIST Offers Improved Software Testing