SAMATE - Software Assurance Metrics And Tool Evaluation
Welcome to the NIST SAMATE* project. This is sponsored by the U.S. Department of Homeland Security (DHS) Office of Cyber Security and Communications and NIST. This project supports the DHS Software Assurance Program. Introduction to SAMATE has more details.
For us, Software Assurance (SA) covers both the property and the process to achieve it:
- [Justifiable] confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle and that the software functions in the intended manner
- from CNSS National Information Assurance (IA) Glossary CNSSI-4009, 26 April 2010, page 69.
- ... the planned and systematic set of activities that ensures that software processes and products conform to requirements, standards, and procedures
- IARPA STONESOUP Phase 3 is available as a virtual machine. IARPA STONESOUP documents are available here. Phase 1 is also available here.
- A new version of Juliet, 1.2, is available in two test suites, one for C/C++ and one for Java. Previous versions are still available in the SARD.
- The Static Analysis Tool Exposition (SATE) V reported at the SATE workshop, March 2014. We are working on the final report.
- SATE IV reported at the SATE workshop, March 2012.
- SATE 2010 reported at SATE Workshop, October 2010.
- SATE 2009 reported at SATE Workshop, November 2009.
- SATE 2008 reported at Static Analysis Workshop, June 2008.
- The Software Assurance Reference Dataset (SARD) is a collection of thousands of test programs with known security flaws. The Test Case Descriptions page describes the content. The Manual explains access.
- Source Code Security Analysis specifications, background, etc.
- Web Application Scanner specifications, background, etc.
- SA Tool Taxonomy
- SAMATE Publications
- Technical Advisory Panel
Join the SAMATE mailing list!
If you wish to participate in the online discussion of SAMATE, including the reference dataset, specifications, SATE, metrics, etc., please email us. If you are already a member, the mailing list web site is https://groups.yahoo.com/neo/groups/samate/info
Short URL to get to this site is http://samate.nist.gov/
We pronounce SAMATE suh-mate, which rhymes with date.
If you are looking for the (similarly named) Software Engineering Method And Theory (SEMAT) project web site, please visit http://semat.org/.
This web site was created July 2005. This page was updated 2014.