Free NIST Software Tool Boosts Detection of Software Bugs
Researchers at the National Institute of Standards and
Technology (NIST) have released an updated version of a computer system testing
tool that can cut software development costs by more efficiently finding flaws.
software “bugs” is traditionally difficult and time-consuming. About 50 percent of software development
budgets go to testing, yet flaws in software still cost the U.S. economy $59.5 billion
annually. In efforts to address this issue, NIST designed the Advanced
Combinatorial Testing System (ACTS), a freely available software tool.
Fewer software flaws mean enhanced security for personal,
government and corporate systems. Hackers often take advantage of software flaws
to introduce malware including viruses and botnets to disrupt or take control
of computer systems. Once inside a computer, attackers can access personal
information or valuable company data.
The NIST Combinatorial Testing for Software is based on
research by NIST and others and
generates a plan for testing combinations of two to six variables that can
interact and cause errors. While studying software crashes of medical
device and Web browsers, researchers determined that between 70 and 95 percent
of software failures are triggered by only two variables interacting, and
practically 100 percent of software failures are triggered by no more than six.
In one project, NIST could test all six-way combinations with only 522 tests
instead of 17 billion, and find nearly 100 percent of the flaws.
Since the first version was released in 2008, it has been
downloaded by 465 times by industry, academia, government and individuals.
For more information, visit http://csrc.nist.gov/groups/SNS/acts/index.html.