
NIST Workshop: Software Measures and Metrics to Reduce Security Vulnerabilities

July 12, 2016


The Federal Cybersecurity Research and Development Strategic Plan seeks to fundamentally alter the dynamics of security, reversing adversaries’ asymmetrical advantages. Achieving this reversal is the mid-term goal of the plan, which calls for “sustainably secure systems development and operation.” Part of the mid-term (3-7 years) goal is “the design and implementation of software, firmware, and hardware that are highly resistant to malicious cyber activities …” and reducing the number of vulnerabilities in software by orders of magnitude. Measures of software play an important role.


Industry requires evidence to tell how vulnerable a piece of software is, to identify which techniques are most effective in developing software with far fewer vulnerabilities, to determine the best places to deploy countermeasures, or to take any of a number of other actions. This evidence comes from measuring, in the broadest sense, or assessing properties of software. With useful metrics, it is straightforward to determine which software development technologies or methodologies lead to sustainably secure systems.


The goal of this workshop is to gather ideas on how the Federal Government can best use taxpayer money to identify, improve, package, deliver, or boost the use of software measures and metrics to significantly reduce vulnerabilities.


The workshop will be held at the U.S. National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. It is open to all. There is no cost to attend, but prior registration is required to enter the NIST campus.


Dr. Bill Curtis, CISQ Executive Director, will present “CISQ Measures of Secure, Resilient Software.” View the agenda here.


For more information click here.



