NISTIR 8151 (Draft)

Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy

Date Published: October 2016
Comments Due: October 18, 2016 (public comment period is CLOSED)
Email Questions to: paul.black@nist.gov


Paul Black (NIST), Mark Badger (NIST), Barbara Guttman (NIST), Elizabeth Fong (NIST)


NIST invites comments on Draft NIST Internal Report (NISTIR) 8151, Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy. The call for a dramatic reduction in software vulnerability is heard from numerous sources, recently from the February 2016 Federal Cybersecurity Research and Development Strategic Plan. The plan defines goals for reducing vulnerabilities in the near, mid and long term. This report addresses the first mid-term goal.



metrics; software assurance; security vulnerabilities; Measurement; reduce software vulnerability
Control Families

None selected


Draft NISTIR 8151

Supplemental Material:
None available

Document History:
10/04/16: NISTIR 8151 (Draft)
11/30/16: NISTIR 8151 (Final)


Security and Privacy
assurance; threats; vulnerability management

software & firmware