NIST paper highlights language vulnerabilities

A recently published paper by the National Institute of Standards and Technology (NIST), examines software assurance tools as a fundamental resource to improve quality in today’s software applications. It looks at the behavior of one class of software assurance tool: the source code security analyzer. Because many software security weaknesses are introduced at the implementation phase, using a source code security analyzer should help reduce the number of security vulnerabilities in software.

The report – Source Code Security Analysis Tool Functional Specification Version 1.1 (NIST Special Publication 500-268 v1.1) – defines a minimum capability to help software professionals understand how a tool can help meet their software security assurance needs. The example languages studied are C, C++, Java and SPARK. The NIST report identifies the languages’ vulnerabilities. As you would expect, the SPARK language comes out well.

This entry was posted in Certification and tagged , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.


  1. Yannick Moy
    Posted May 11, 2011 at 20:47 | Permalink

    The following related presentation on “Vulnerabilities that cannot occur in SPARK” is really enlightening to understand the full potential of SPARK for security:

  2. foobar
    Posted May 12, 2011 at 00:40 | Permalink

    Offtopic: Is there a forum to discuss DO-178B?

    • Yannick Moy
      Posted May 19, 2011 at 22:49 | Permalink

      No, there is no forum on Open-DO website, although that’s a good idea. Do you have specific questions about DO-178B?

Post a Comment

Your email is never published nor shared. Required fields are marked *

  • Categories

  • Open-DO Projects

  • Contact

    info @