The Economist: "Software that Makes Software Better"
SAMATE project leader Paul E. Black was interviewed for The Economist's
March 6, 2008 article, "Software that Makes Software Better".
The article, which includes interviews with leading software assurance
researchers, discusses software tools for improving code quality,
programmer productivity and the cost-effectiveness of fixing buggy software.
CCHIT, IHE and NIST Collaborate in Developing Health IT Testing Tools
NIST, the Certification Commission for Healthcare Information Technology
(CCHIT) and Integrating the Healthcare Enterprise (IHE) are collaborating
where practical to build healthcare IT testing tools, in order to
minimize duplication of effort and provide consistency in testing
and standards compliance. A CCHIT press release describes the Framework
for Collaboration which clarifies the roles and goals of fostering
standards-based interoperability of healthcare IT systems.
Thomas R. Rhodes and Thelma Allen Receive 2007 Bronze Medal
Tom Rhodes and Thelma Allen are being recognized with the 2007 Bronze
Medal as part of a NIST-wide team for contributions to the first-ever
assessment of the U.S. measurement system's ability to sustain
innovation at a world-leading pace. Measurement
is key to a nation's ability to innovate. A new NIST report,
An Assessment of the U.S. Measurement System: Addressing Measurement
Barriers to Accelerate Innovation, details results of the first-ever
assessment of the capacity of the nation's measurement infrastructure
to sustain U.S. innovation at a world-leading pace. This assessment
was a massive undertaking that required extensive coordination across
NIST and with external contributors. The USMS Task Group provided
the executive and editorial leadership that produced the report. The
results of this project have been recognized by Administration and
congressional policy makers, and the report is helping to guide priority
setting by NIST and private and public sector organizations as they
identify and overcome measurement barriers to innovation.
HITSP Endorses NIST-Developed HIT Website:
ANSI's Health Information Technology Standards Panel endorses the
Health Information Technology (HIT) Implementation Testing and Support
web site for the Nationwide Health Information Network (NHIN) Initiative.
The site was developed by the National Institute of Standards and
Technology (NIST) in partnership with HITSP, the Certification Commission
(CCHIT), and the HHS Office of the National Coordinator (ONC). The
web site is a starting point for providing HIT implementers with access
to the tools and resources needed to support and test the implementation
of standards-based health systems. The site currently provides information
about the NHIN initiatives, CCHIT, HITSP, the Interoperability Specifications,
the standards referenced by these specifications, and the available
test resources.
Klocwork tool uses NIST's SAMATE Reference Dataset:
Klocwork Inc, a provider of automated source code analysis software
for improving software security and quality, used NIST's Software
Assurance Metrics and Test Evaluation (SAMATE) Reference Dataset
(SRD, <http://samate.nist.gov/SRD/>)
to measure the comprehensiveness of its analysis software tool,
Klocwork K7.7. The SAMATE Reference Dataset (SRD) provides users,
researchers, and tool developers with a set of known security flaws
that allow end users to evaluate tools and tool developers to test
their methods. Using the SRD, the Klocwork K7.7 tool successfully
detected a wide range of security vulnerabilities, with a pass rate
exceeding 90%.
SAMATE project publications and products are recommended reading in the
Secure Software Development course at the Communications Security
Establishment, Canada's National Cryptologic Agency.
Software from the SAMATE project is included in the Open Web Application
Security Project (OWASP) Foundation's Web Application Scanner tool,
Pantera.
John Garguilo and Gavin O'Brien Receive 2006 Bronze Medal
John Garguilo and Gavin O'Brien were recognized at NIST's
2006 Awards Ceremony as part of a team from the Advanced Technology
Program. The team was recognized for successfully developing and implementing
an electronic business process workflow solution known as the Workflow
Information Resource Center (WIRC). The WIRC online resource center
surmounted the difficult and complex problem of integrating a diverse
set of applications, systems, and data sources created over the first
13 years of the ATP program. The Bronze Medal Award is the highest
honorary recognition available for Institute presentation. The award
recognizes work that has resulted in more effective and efficient
management systems as well as the demonstration of unusual initiative
or creative ability in the development and improvement of methods
and procedures.
Leonard Gebase and Robert Snelick Receive 2006 Bronze Medal
Leonard Gebase and Rob Snelick were recognized at NIST's 2006
Awards Ceremony with a Bronze Medal for their achievement in advancing
and improving conformance testing for specifications that require
trading partner agreements or profiles to define the interface specifics
for interoperability. They have developed an innovative methodology
and software tool to automatically produce self-adapting test messages
that are dynamically created for implementations of the Health Level
7 standard. The Bronze Medal Award is the highest honorary recognition
available for Institute presentation. The award recognizes work that
has resulted in more effective and efficient management systems as
well as the demonstration of unusual initiative or creative ability
in the development and improvement of methods and procedures.
NIST XDS Profile implementation incorporated by the Saphire Project:
The Saphire Project, supported by the eHealth Unit of the European Commission,
aims to develop an intelligent healthcare monitoring and decision
support system on a platform integrating the wireless medical sensor
data with hospital information systems. As part of the Saphire Project,
the IHE ATNA, CT and PIX Profiles were implemented on top of the NIST
XDS Profile implementation and successfully demonstrated at the eHealth
Conference in Malaga, Spain as part of the Roadmap
for Interoperability of eHealth Systems (RIDE).
Jim Lyle and Doug White receive DoC Silver Medal Award for Computer Forensics:
Jim Lyle and Doug White receive DoC Silver Medal for their work in
computer forensics. They are being recognized for their achievement
in developing computer forensic standards and test methods needed
for successful investigation and prosecution of crimes involving computers.
The Silver Medal is the second highest honorary award granted by the
Secretary of Commerce for exceptional performance characterized by
noteworthy or superlative contributions which have a direct and lasting
impact within the Department.
HIMSS Interoperability Showcase features the NIST XDS reference implementation:
Connecting clinicians using interoperable electronic health record
(EHR) products and standards so that they can share patient data was
the focus of the 2005 Annual Healthcare Information and Management
Systems Society (HIMSS) Interoperability Showcase. The NIST cross-enterprise
document sharing (XDS) reference implementation served as the 'hub'
in a multi-vendor demonstration, where multiple vendors demonstrated
the concept of an EHR based on XDS. Using the NIST reference implementation,
multiple organizations were able to demonstrate cross-vendor integration
and interoperability. Creating an interoperable health information
architecture in which clinical data can be shared by clinicians at
the point of care is a national priority and part of President Bush's
vision for the future of healthcare in the United States.
FDA uses NSRL in Botox-botulism poisoning case:
In November 2004, four people were hospitalized with botulism poisoning
after getting what they thought were Botox injections. Food
and Drug Administration investigators needed to act quickly in this
life-threatening situation to identify and warn anyone else who might
have used the botulism. Needing software that could read the shipping
records, but unable to obtain a copy of this obsolete software,
the FDA turned to NIST's NSRL. The NSRL's extensive software library
was able to provide the FDA with a copy of the software. Using
the software, the FDA was able to warn hundreds of individuals that
they were at risk of botulism poisoning.
U.S. Election Assistance Commission recommends NSRL use:
As part of its electronic voting security strategy, Election Assistance
Commission (EAC) Chairman Soaries requested that voting software vendors
submit their certified software to the National Software Reference
Library (NSRL) at NIST. Using the NSRL will facilitate the tracking
of software version usage and integrity.
ALTOVA uses NIST XSLT conformance test suite
Altova, creator of software development tools, including XMLSPY, uses
the NIST XSLT test suite as part of their quality assurance process
and incorporates the tests into their own test suite. “It is a pillar
of the ALTOVAXSLT processor test-suite, and one that we are grateful
for.”
American Telemedicine Association defines standards for tele-retinal imaging
Together, ATA and NIST/Information Technology Laboratory have conducted
a series of workshops to identify standards needed to provide ocular
care through telecommunications technology. This effort focused on
tele-retinal imaging for the assessment of diabetic retinopathy (e.g.,
taking images of the eye and evaluating those images to diagnose and
treat diabetic retinopathy). The result of these workshops is a consensus-based
document that includes the identification of appropriate technical
standards, clinical protocols, and administrative arrangements. It
will be promulgated as an ATA Technical Standard and be published
in the ATA Journal. As a Technical Standard, it will be used to advance
the use of telemedicine in fields related to ophthalmology, optometry,
and optical engineering.
NIST XQuery test suite used by the BumbleBee XQuery test harness
BumbleBee, an automated test harness for evaluating XQuery engines
and validating queries expressed in the W3C XQuery language, includes
over 1000 tests from the NIST XQuery test suite. The NIST test suite currently
provides Function and Operator tests.
www.nist.gov/xml/
NIJ publishes test report based on SSD's Computer Forensics Tool Testing methodology
The Department of Justice's National Institute of Justice (NIJ) Special
Report documents results of testing Red Hat Linux dd against the SSD's
Computer Forensics Tool Testing (CFTT) project's Disk Imaging Tool
Specification. As a result of the testing, computer forensics laboratories
across the country have made procedural changes to the way they use
dd in investigations. This is the first of many test reports that
NIJ will publish. The test results provide information for toolmakers
to improve tools used in computer forensics investigations, users
to make informed choices, and the legal community and others to understand
the tools' capabilities.
www.ojp.usdoj.gov/nij/pubs-sum/196352.htm
NIST CFTT cited in Moussaoui Trial
In the trial of alleged terrorist Zacarias Moussaoui, the only person
publicly charged in the United States in connection with the September
11 terrorist attacks, a court document filed on December 30, 2002,
by David J. Novak, Assistant United States Attorney, referenced results
of the NIST CFTT project supporting the government's use of computer
forensic tools in examining the defendant's computer systems.
http://notabloecases.vaed.uscourts.gov/1:01-cr-00455/docs/68092/0.pdf
Guidance Software EnCase Tool imports the NSRL's RDS
One of the preeminent computer forensic tools, EnCase, has included
the ability to import SSD's National Software Reference Library's
Reference Data Set (RDS). The National Software Reference Library
(NSRL) is designed to collect software from various sources and incorporate
file profiles computed from this software into a Reference Data Set
(RDS) of information. The RDS can be used by law enforcement, government,
and industry organizations to review files on a computer by matching
file profiles in the RDS. This will help alleviate much of the effort
involved in determining which files are important as evidence on computers
or file systems that have been seized as part of criminal investigations.
NSRL and CFTT projects cited in Handbook of Computer Crime Investigation
SSD's NSRL and CFTT projects are both described in the Handbook of
Computer Crime Investigation edited by Eoghan Casey, 2002.
Jim Lyle to serve as a member of the Journal of Digital Evidence
Jim Lyle was invited to join the Editorial Board of the International
Journal of Digital Evidence. The Journal is a forum for discussion
of theory, research, policy, and practice in the rapidly changing
field of digital evidence.
John Barkley receives DoC Gold Medal Award for RBAC
John Barkley and members of the Role Based Access Control (RBAC) Team
received the 2002 Department of Commerce Gold Medal Award. The award
citation stated, "Their technical acumen and successful transfer saved
private industry $295 million, accelerated deployment by one year,
brought an essential security capability to the marketplace..." This
award is the highest honor award conferred upon an employee by the
Department of Commerce for rare and distinguished contributions of
major significance to the Department or the Nation.
Bill Majurski receives DoC Bronze Medal Award
Bill Majurski received the 2002 Department of Commerce Bronze Medal
Award for his work on Health Information Systems (HIS) and his contributions
to the Department of Veterans Affairs. The award citation stated, "His
work improves the quality and cost effectiveness of HIS and also enables
interoperability among both new and legacy systems." This award is
granted by the NIST Director for superior contributions to NIST.
XSLT Conformance Tests included in XML Tester Tool
The XSLT Conformance Tests have been included as part of a demonstration
of an open-source repository-based testing tool called XML Tester.
The XML Tester is intended to be a tool for rigorous black-box validation
of systems that process XML messages. The NIST XSLT tests were selected
because they span a useful range of functionality, are easy to read,
and are uniformly and clearly structured.
www.xmltester.org
DOM Level 2 HTML is now a Proposed W3C Recommendation
The NIST-developed DOM Level 2 HTML test suite contributed towards
the W3C DOM Level 2 HTML specification becoming a proposed W3C Recommendation.
As part of the requirements for progressing through the W3C document
process, the DOM test suite was used to demonstrate that at least
two implementations were correct and could interoperate.
Apache XML includes NIST test cases for XSLT
The Apache XML Project includes the XSLT test cases developed by SSD's
Carmelo Montanez-Rivera as part of its Apache Xalan-Java tests. Xalan-Java
is an open source XSLT processor for transforming XML documents into
HTML, text, or other XML document types. These tests are provided
for Xalan contributors to evaluate the impact of code changes to ensure
that these changes don't cause any regressions to the current Xalan
code. The Apache XML Project (part of the Apache Software Foundation)
is an open source repository of standards-based XML solutions.
http://xml.apache.org/xalan-j/test/overview.html
Testing X-Hive/DB against the DOM Test Suite
X-Hive/DB, a native XML database, declared that when tested against
the DOM Conformance Test suite, X-Hive/DB passed all 290 tests (Note:
290 is the number of tests as of March 25, 2002).
www.x-hive.com