From: kuhn@swe.ncsl.nist.gov (Rick Kuhn)
Newsgroups: comp.software-eng,alt.security,comp.specification
Subject: Report on Assurance of High Integrity Software
Message-ID: <951@dove.nist.gov>
Date: 4 Oct 91 18:09:42 GMT
Organization: NIST

Assurance of High Integrity Software - report available

The need for dependable software has resulted in the production of a
variety of standards:  the Trusted Computer Security Evaluation
Criteria ("Orange Book"), the British MoD 00-55, the DO-178A standard
for civil aviation, the IEC 880 standard for the nuclear industry, and
others.  Because of technical, economic, and political considerations,
these standards approach the question of assurance from a variety of
viewpoints.  There is much disagreement over how dependable software
can be produced.  The controversy over MoD 00-55, with its requirement
for formal methods and deprecated programming practices, is a recent
example.

To address the question of assuring the trustworthiness and integrity
of software, and what assurances should be required in standards, the
National Institute of Standards and Technology brought together experts
from industry, academia, and government in a Workshop on the Assurance
of High Integrity Software in January.  The report is now available for
electronic distribution.  (It will soon be available from the Govt.
Printing Office in paper form.) The report can be obtained from our
mail server.  Both Postscript and troff formats are available.  Send a
message containing ONE of the following requests to posix@nist.gov:


	send ahisrptp               /* for Postscript */

	send ahisrptt               /* for troff */


The report will be delivered as three (troff) or 16 (Postscript) email
messages.  Remove the headers and concatenate the files, then unpack
them using either 'unshar' or the UNIX shell 'sh'.  (Instructions
included in the files.)

