NIST working on new method for finding software bugs

Researchers a the National Institute of Standards and Technology and the University of Texas at Arlington hope to release for beta testing next month a tool to help spot possible problems in complex software.

FireEye will generate tables of tests to look for adverse reactions that can cause applications to crash. Because crashes can be caused by unexpected interactions between large numbers of configurations, testing possible configurations can be prohibitively costly and time consuming. The project has reduced the number of parameters that need to be tested to a manageable level, and FireEye will calculate which possible combinations need to be tested for an application.

“We have advanced the mathematical computational part as far as it needs to go,” said Raghu Kacker, a mathematical statistician at NIST. “The bottleneck is how to integrate this tool into a push-button system” for testing specific applications.

NIST plans initially to focus on firewalls and access control tools because scientists there are familiar with those applications. They hope beta testers in government and industry can help with integrating the tool to test a variety of larger systems.

Researchers expect to release the initial production version of FireEye within a few months of its beta release. They intend to eventually make FireEye source code available as open-source software.