SAMATE - Software Assurance Metrics And Tool Evaluation

From SAMATE

Welcome to the NIST SAMATE* project. This is sponsored by the U.S. Department of Homeland Security (DHS) National Cyber Security Division and NIST. This project supports the DHS Software Assurance Program. Introduction to SAMATE has more details.

For us, Software Assurance (SA) covers both the property and the process to achieve it:

Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle and that the software functions in the intended manner

from CNSS National Information Assurance (IA) Glossary CNSSI-4009

... the planned and systematic set of activities that ensures that software processes and products conform to requirements, standards, and procedures

from NASA Software Assurance Standard NASA-STD-8739.8 (see quality assurance (1) in IEEE 610.12)

SAMATE Links

• Nearly 60,000 new test cases covering over 100 CWEs are now available as individual test cases in the SRD. They are also available in two test suites, one for C/C++ and one for Java.
• The experience meeting for the fourth Static Analysis Tool Exposition (SATE IV) will be Thursday, 29 March 2012.
• The final report and data for SATE 2010 are available. SATE 2010 was reported at the SATE workshop, October 2010.
• SATE 2009 reported at SATE Workshop, November 2009
• SATE 2008 reported at Static Analysis Workshop, June 2008
• Source Code Security Analysis specifications, background, etc.
• Web Application Scanner specifications, background, etc.

• The SAMATE Reference Dataset (SRD), with thousands of test programs, and its manual.
• SA Tool Taxonomy
• SAMATE Publications
• Technical Advisory Panel

Join the SAMATE mailing list!

If you wish to participate in the online discussion of SAMATE, including the reference dataset, specifications, SATE, metrics, etc., please email michael.kass@nist.gov. If you are already a member, the mailing list web site is http://groups.yahoo.com/group/samate/

Short URL to get to this site is http://samate.nist.gov/

We pronounce SAMATE suh-mate, which rhymes with date.

If you are looking for the (similarly named) Software Engineering Method And Theory (SEMAT) project web site, please visit http://www.semat.org/bin/view/Main/.

This web site was created July 2005.