author photo
By Bruce Sussman
Wed | May 1, 2019 | 12:19 PM PDT

Our lives depend on software that is secure and software that works accurately and continuously.

Look at your last round of air travel as an example.

"Planes are actually flying networks if you think of it," Deneen DeFiore, GE Aviation's SVP & Global CISO, told security leaders at SecureWorld Cincinnati. "They are digitally enabled positioning systems, airport systems that are digitally enabled, air traffic management and control systems, and there’s a digital supply chain behind this whole thing that makes this ecosystem thrive."

And each piece of this ecosystem runs on software. Which is why NIST announced an updated NIST tool for testing high-risk software.

Updated NIST software evaluation tool

NIST calls the research toolkit Automated Combinatorial Testing for Software, or ACTS. And it allows software developers to test for more variables, and errors, than ever before.

NIST mathematician Raghu Kacker says this is the biggest advance since 2015 to its Combinatorial Coverage Measurement (CCM):

“Before we revised CCM, it was difficult to test software that handled thousands of variables thoroughly,” Kacker said. “That limitation is a problem for complex modern software of the sort that is used in passenger airliners and nuclear power plants, because it’s not just highly configurable, it’s also life critical. People’s lives and health are depending on it.”

Now, even software that has thousands of input variables, each one of which can have a range of values, can be tested thoroughly.

Check out the new NIST Toolkit for Testing Software for yourself. If you're a software developer, it could increase your confidence that more bugs than ever before have been squashed before launch.

And if you know the software is working, that frees up additional time for testing the software security you built in during the development process.

Stories about NIST and cybersecurity

The NIST Cybersecurity Framework is now a global standard for many organizations who are mindful of cyber risk and cybersecurity.

In fact, our course on implementing and maturing the NIST Cybersecurity Framework is the most popular one we offer at SecureWorld conferences across North America.

And we also write about NIST initiatives a considerable amount.

Based on the readership of these stories, cybersecurity leaders and teams are looking for the kind of information and frameworks that NIST creates. 

Speaking of that, here are some related stories you may want to read:

How the NIST Cybersecurity Framework Maps to Cyber Attacks

5 Years In, The NIST Cybersecurity Framework Keeps Growing, Changing

NIST Small Business Cybersecurity Act and Resources

Most NIST Employees Furloughed in Government Shutdown