NIST Offers Improved Software Testing

Combinatorial testing is a software testing method that the National Institute of Science and Technology (NIST) likes a lot.

Combinatorial testing is a method for more effective software testing that the National Institute of Science and Technology (NIST) likes a lot.
They ran studies from 1999 to 2004 showing that most software bugs and failures are caused by one or two parameters of input, with progressively fewer by three or more.
They call this the interaction rule, and it is a roadmap for more efficient testing than those given with conventional methods. NIST says that it has multiple studies showing fault detection results equal to exhaustive testing with a 20X to 700X reduction in test set size.
The software industry often spends seven to 20 times as much money rendering safety-critical software reliable as it does on more conventional code, so improvements in testing have been called for by designers.
This is
not
fuzzing, as the term is commonly used in software development. Fuzzing (or fuzz testing) is an software testing technique using invalid, unexpected, or random data as inputs to a program. The program is then monitored for faults such as crashes, failing built-in code assertions, or potential memory leaks. The NIST approach uses normal and valid ranges of inputs for its testing and observation.
Fuzzing checks for what happens when input goes out of bounds and is unsanitary, while NIST techniques check for what happens when a programs inputs are within norms but changing relative to other inputs.
Anyway, NIST announced the first revision since 2015 of its Automated Combinatorial Testing for Software, or
ACTS
.
Researchers from the University of Texas at Arlington, Adobe Systems Inc. and Austrias SBA Research announced at last weeks IEEE International Conference on Software Testing, Verification and Validation in China that they had updated a version of Combinatorial Coverage Measurement (CCM) to include extensions to it by SBA Research.
NISTs internal tools were able to handle software that had a few hundred input variables, but SBA Research developed another new tool that can examine software that has up to 2,000. This increase can generate a test suite for up to five-way combinations of input variables.
The two tools can be used in a complementary fashion: While the NIST software can measure the coverage of input combinations, the SBA algorithm can extend coverage to thousands of variables. While the SBA Research algorithm is not an official part of the ACTS test suite, the team says that it has plans to bundle it with ACTS in the future.
NIST will make the algorithm available to any developer who requests it.
Before we revised CCM, it was difficult to test software that handled thousands of variables thoroughly, NIST mathematician Raghu Kacker said in a statement. That limitation is a problem for complex modern software of the sort that is used in passenger airliners and nuclear power plants, because its not just highly configurable, its also life critical. Peoples lives and health are depending on it.
— Larry Loeb has written for many of the last centurys major dead tree computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
NIST Offers Improved Software Testing