Static Analysis Tool Exposition (SATE 2009) Call for Papers

[SAMATE Home | IntrO TO SAMATE | SARD | SATE | Bugs Framework | Publications | Tool Survey | Resources]

National Institute of Standards and Technology (NIST)
Software Assurance Metrics and Tool Evaluation (SAMATE)
Project Static Analysis Tool Exposition (SATE 2009) Workshop
6 November 2009
Crystal City Marriott, Arlington, VA
https://samate.nist.gov/

Software must be developed to be high quality: quality cannot be "tested in". However auditors, certifiers, and others must assess the quality of delivered software. "Black-box" software testing cannot realistically find maliciously implanted Trojan horses or subtle errors which have many preconditions. For maximum reliability and assurance, static analysis must be applied to all levels of software artifacts, from models to source code to byte code to binaries. Static analyzers are quite capable and are developing quickly. Yet, developers, auditors, and examiners could use far more capabilities.

This workshop has two goals. First, gather participants and organizers of Static Analysis Tool Exposition 2009 to share experiences, report interesting observations, and discuss lessons learned. We will reserve workshop time for such presentations from SATE participants.

The second goal of the workshop is to convene researchers, developers, and government and industrial users to define obstacles to urgently-needed software assurance capabilities and identify approaches to overcome them, either engineering or research. In addition to SATE presentations we solicit contributions describing basic research, applications, experience, or proposals relevant to software assurance tools, techniques, and their evaluation. Questions and topics of interest include but are not limited to:

• Contribution of static analysis to software security assurance
• Issues in applying static analysis to binaries * System assurance at the design or requirements level
• Integration of, or tradeoffs between, static and dynamic analysis
• Issues in scaling static analysis to deal with large systems
• Flaw catching vs. sound analysis
• Benchmarks or reference datasets
• Formal descriptions of weaknesses and vulnerabilities in the CWE
• User experience drawing useful lessons or comparisons
• Synergies of pre- and post-production assurance
• Case studies on real applications
• Temporal and inter-tool information sharing

This workshop follows Static Analysis Tool Exposition (at SAW 2008), the Static Analysis Summit (2006), and Static Analysis Summit II (2007).

SUBMISSIONS:

Open submission papers should be from 2 to 8 pages long. Papers over eight pages will not be reviewed. Papers should clearly identify their novel contributions.

Submit papers electronically in PDF no later than 2 October 2009 to Wendy Havens . Your submission constitutes permission for us to publish it in workshop proceedings.

We will notify submitters of acceptance by 16 October 2009.

Presentations by SATE participants will be handled separately.

PUBLICATION:

Accepted papers will be published in the workshop proceedings as a NIST Special Publication.

IMPORTANT DATES:

2 October: Paper submission deadline
16 October: Author notification
6 November: Workshop

GENERAL CHAIR:

Paul E. Black paul.black [at] nist.gov (paul[dot]black[at]nist[dot]gov)