SAMATE - Software Assurance Metrics And Tool Evaluation
Welcome to the NIST SAMATE* project. This is sponsored by the U.S. Department of Homeland Security (DHS) National Cyber Security Division and NIST. This project supports the DHS Software Assurance Program. Introduction to SAMATE has more details.
For us, Software Assurance (SA) covers both the property and the process to achieve it:
- Justifiable confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle and that the software functions in the intended manner
- ... the planned and systematic set of activities that ensures that software processes and products conform to requirements, standards, and procedures
- from NASA Software Assurance Standard NASA-STD-8739.8 (see quality assurance (1) in IEEE 610.12)
SAMATE Links
- A new version of Juliet is available in two test suites, one for C/C++ and one for Java. Version 1.1 has additional documentation, covers more CWEs, and corrects many errors in individual tests. Version 1.0 is still available as individual test cases in the SRD and as test suites.
- We are preparing the Static Analysis Tool Exposition (SATE) V. We plan to provide test cases to participating teams by June 1, 2013. Please contact us if you are interested in participating.
- The final report and data for SATE IV are available. SATE IV was reported at the SATE workshop, March 2012.
- SATE 2010 reported at SATE Workshop, October 2010
- SATE 2009 reported at SATE Workshop, November 2009
- SATE 2008 reported at Static Analysis Workshop, June 2008
- Source Code Security Analysis specifications, background, etc.
- Web Application Scanner specifications, background, etc.
- The SAMATE Reference Dataset (SRD), with thousands of test programs, and its manual.
- SA Tool Taxonomy
- SAMATE Publications
- Technical Advisory Panel
Join the SAMATE mailing list!
If you wish to participate in the online discussion of SAMATE, including the reference dataset, specifications, SATE, metrics, etc., please email Tim Boland. If you are already a member, the mailing list web site is http://groups.yahoo.com/group/samate/
The short URL for this site is http://samate.nist.gov/
We pronounce SAMATE suh-mate, which rhymes with date.
If you are looking for the (similarly named) Software Engineering Method And Theory (SEMAT) project web site, please visit http://semat.org/.
This web site was created July 2005.
