Hi everyone,

I’m currently working with a university research group, and we’re exploring the real-world use of software verification tools in industry.

We’re particularly interested in whether there is a market for mathematical reasoning tools (e.g., formal verification, model checking, static analysis) and how they are actually being used in practice — for example, in quality assurance, software development, or compliance-heavy industries like automotive or aerospace.

So I wanted to ask:

  • How do companies currently ensure that security and quality standards for software are met?

  • What are the motivations behind their use (safety, certifications, cost reduction, etc.)?

Even short replies or anecdotal insights would be super helpful. Also, if you have any references or case studies, we’d be grateful!

Thanks a lot in advance,

Simon

2 Spice ups

Greetings Simon (you don’t really need all the other O’s do you?)
Welcome to SpiceWorks. Glad to see you here, and I for one am interested in what you’re talking about and the possibilities it may have; I just don’t know if it does have them…which I think is why you’re here asking, no?

To ensure I understand correctly, you’re looking at software that will check other software for licensing, and any and all applicable compliancy, yes?

I think you’re looking for SCAP, used primarily by the DoD, ensuring compliance with NIST, and whatever other policies and guides are thrown in there (it is configurable).

To answer your questions directly:
Most companies do not use SCAP but rely on the output vice how they got there. If that makes sense.
The only reason most agencies use it is because DISA will pull their accreditation and throw them off the government networks if they do not meet the compliancy requirements. SCAP shows in detail everything they have right, wrong and at what levels, and even what to do to fix them.

Looking to make this available for commercial companies is already there, to the best of my knowledge.
Making SCAP more user friendly, now THAT would be a welcome GUI! Perhaps something with AI running SCAP, if it were given particulars about the network(s) it was investigating.

I’m blathering now…PM me if you would like to talk more on this.

1 Spice up