The SAMATE Project Department of Homeland Security

SAMATE Publications


Papers

A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, April 2013, Proc. Sixth Latin-America Symposium on Dependable Computing (LADC 2013), Paul E. Black, Hsiao-Ming (Michael) Koo, and Thomas Irish.

Report on the Static Analysis Tool Exposition (SATE) IV, January 2013, NIST Special Publication 500-297, Vadim Okun, Aurelien Delaitre, and Paul E. Black, http://dx.doi.org/10.6028/NIST.SP.500-297.

Report on the Metrics and Standards for Software Testing (MaSST) Workshop 2012, December 2012, NIST Internal Report 7920, Paul E. Black and Elizabeth Fong.

Juliet 1.1 C/C++ and Java Test Suite, October 2012, IEEE Computer, 45(10):88-90, Tim Boland and Paul E. Black.

Static Analyzers: Seat Belts for Your Code, May-June 2012, IEEE Security & Privacy, 10(3):48-52, Paul E. Black.

Software Vulnerabilities Precluded by SPARK, November 2011, ACM Int'l Conf. on Ada and Related Technologies: Engineering Safe, Secure, and Reliable Software (SIGAda 2011), Paul E. Black (NIST), Chris E. Dupilka (U.S. DoD), F. David Jones, and Joyce Tokar (Pyrrhus Software).

Report on the Third Static Analysis Tool Exposition (SATE 2010), October 2011, NIST Special Publication 500-283, Vadim Okun, Aurelien Delaitre, and Paul E. Black.

Counting Bugs is Harder Than You Think, September 2011, 11th IEEE Int'l Working Conference on Source Code Analysis and Manipulation (SCAM 2011), Williamsburg, VA, Paul E. Black.

Source Code Security Analysis Tool Test Plan Version 1.1, NIST Special Publication 500-270 v1.1, July 2011, Michael Koo, Romain Gaucher, Charline Cleraux, and Jenise Reyes Rodriguez.

Source Code Security Analysis Tool Functional Specification Version 1.1, NIST Special Publication 500-268 v1.1, February 2011, Paul E. Black, Michael Kass, Michael Koo, and Elizabeth Fong.

Toward a Preliminary Framework for Assessing the Trustworthiness of Software, U.S. National Institute of Standards and Technology (NIST) Interagency Report (IR) 7755, November 2010, Tim Boland, Charline Cleraux, and Elizabeth Fong.

The Second Static Analysis Tool Exposition (SATE) 2009, U.S. National Institute of Standards and Technology (NIST) Special Publication (SP) 500-287, June 2010, Vadim Okun, Aurelien Delaitre, and Paul E. Black.

Static Analysis Tool Exposition (SATE) 2008, U.S. National Institute of Standards and Technology (NIST) Special Publication (SP) 500-279, June 2009, Vadim Okun, Romain Gaucher, and Paul E. Black, editors.

Static Analyzers in Software Engineering, CrossTalk, The Journal of Defense Software Engineering, 22(3):16-17, March/April 2009, Paul E. Black.

Software Assurance Tools: Web Application Security Scanner Functional Specification Version 1.0, NIST Special Publication 500-269, January 2008.

Building a Test Suite for Web Application Scanners, January 2008, 41st Hawaii Int'l Conf. on System Sciences (HICSS), Elizabeth Fong, Romain Gaucher, Vadim Okun, Paul E. Black, and Eric Dalci.

Software Assurance with SAMATE Reference Dataset, Tool Standards, and Studies, October 2007, 26th Digital Avionics Systems Conference (DASC), Paul E. Black.

Effect of Static Analysis Tools on Software Security: Preliminary Investigation, October 2007, Third Workshop on Quality of Protection (QoP), Vadim Okun, William F. Guthrie, Romain Gaucher, and Paul E. Black.

SAMATE and Evaluating Static Analysis Tools, June 2007, Int'l Conf. on Reliable Software Technologies - Ada-Europe, Paul E. Black.

Source Code Security Analysis Tool Functional Specification Version 1.0, NIST Special Publication 500-268, May 2007, Paul E. Black, Michael Kass, and Michael Koo. Replaced by Version 1.1.

Web Application Scanners: Definitions and Functions, January 2007, 40th Hawaii Int'l Conf. on System Sciences (HICSS), Elizabeth Fong and Vadim Okun.

SAMATE's Contribution to Information Assurance, Fall 2006, IAnewsletter, 9(2):4-7, Paul E. Black.

Software Assurance During Maintenance, September 2006, Int'l Conf. on Software Maintenance (ICSM), Paul E. Black.

Software Assurance Metrics And Tool Evaluation, June 2005, Int'l Conf. on Software Engineering Research and Practice (SERP), Paul E. Black.

Workshops

Static Analysis Tool Exposition (SATE) V Workshop, NIST, Gaithersburg, Maryland, March 2014.

Static Analysis Tool Exposition (SATE) IV Workshop, co-located with the Spring 2012 Software Assurance Forum, MITRE, McLean, Virginia, March 2012.

Static Analysis Tool Exposition (SATE) 2010 Workshop, co-located with the 13th semi-annual Software Assurance Forum, NIST, Gaithersburg, Maryland, October 2010.

Static Analysis Tool Exposition (SATE) 2009 Workshop, co-located with the 11th semi-annual Software Assurance Forum, Arlington, Virginia, November 2009.

Static Analysis Workshop (SAW), including Static Analysis Tool Exposition (SATE) 2008 reports, co-located with PLDI, Tucson, Arizona, June 2008.

Static Analysis Summit II (SASII) in conjunction with SIGAda, Fairfax, Virginia, November 2007.

Static Analysis Summit (SAS), Gaithersburg, Maryland, June 2006.

Workshop on Software Security Assurance Tools, Techniques, and Metrics (SSATTM), Long Beach, California, November 2005.

Workshop on Defining the State of the Art in Software Security Tools, Gaithersburg, Maryland, August 2005.

Presentations

Many of these are available from us.

SATE V background, 14 March 2014, Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Vadim Okun.

Synthetic Test Cases (Juliet) Analysis Results, 14 March 2014, Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Aurelien Delaitre.

SATE V Ockham Sound Analysis Criteria, 14 March 2014, Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Paul E. Black.

CVE-Selected Analysis Results, 14 March 2014, Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Bertrand Stivalet.

Counting Bugs is Harder Than You Think, 26 October 2012, University of Pretoria, Paul E. Black.

Choosing the Right Software Assurance Tools, 18 September 2012, Software Assurance Forum Fall 2012, MITRE, Virginia, Paul E. Black.

Road to Confidence in IT Systems: SAMATE's SATE and SARD projects, 26 May 2012, Information Security and Privacy Advisory Board (ISPAB) Workshop (NIST), Paul E. Black.

Toward CWE Compatibility Effectiveness, 31 October 2011, 7th Annual IT Security Automation Conference, Paul E. Black.

Static Analysis & Static Analysis Tools: Their Role in Software Development, 28 October 2011, Information-technology Promotion Agency (IPA) Software Engineering Center, Japan, Paul E. Black.

Software Vulnerabilities Precluded by SPARK, 6 May 2011, 11th annual High Confidence Software and Systems Conference, Paul E. Black.

View on Software Conformance Testing, 26 August 2010, Software Certification Consortium, Paul E. Black.

Static Analysis Tool Exposition (SATE) and Reality, 13 May 2010, NSA CAS Workshop at HCSS, Paul E. Black.

The Role of Static Analysis in Software Development, 16 April 2010, ACCU 2010, Paul E. Black.

Product Labeling, 11 March 2010, 12th Semi-Annual Software Assurance Forum, Paul E. Black.

Evaluating Static Analysis Tools, 8 July 2009, CNW at MIT/Lincoln Labs, Paul E. Black.

Static Analysis Tool Exposition (SATE), 17 June 2009, DHS SwA Forum, Vadim Okun.

Problems Counting Weaknesses from Static Analysis Tool Exposition (SATE), 22 May 2009, CAS SwA Forum at HCSS, Paul E. Black.

Code Transparency and Diagnostic Capabilities, 21 April 2009, SSTC, Paul E. Black.

Can Tools Help Software Assurance?, 29 August 2008, briefing to INFOSEC Research Council, Paul E. Black.

Briefing on Static Analysis Tool Exposition (SATE) 2008, 25 June 2008, Center for Assured Software (CAS) Software Assurance Workshop, Paul E. Black.

Observations on Static Analysis to Detect Weaknesses, 12 June 2008, SAW, Paul E. Black.

SATE 2008 background, 12 June 2008, SAW, Vadim Okun.

TT&PE Working Group Outbrief, 07 May 2008, DHS Forum Plenary Session, Michael Kass.

Software Bugtraps: Software That Makes Software Better, 7 May 2008, DHS Software Assurance Forum, Paul E. Black.

Code Transparency Panel: What's in YOUR Code?, 7 May 2008, DHS Software Assurance Forum, Paul E. Black (facilitator).

Coordinating Session for May DHS Forum, 31 March 2008, DHS Working Group Chair Strategy Meeting, Michael Kass.

Software Assurance Case NIST Role, 13 March 2008, OMG Software Assurance AB SIG meeting, Elizabeth Fong.

Panel Discussion on SwA Tool Testing, 11 March 2008, OMG Government Information Days, Michael Kass.

SAMATE Project Update; Understanding Web App Scanners, 31 January 2008, DHS Software Assurance Working Group, Paul E. Black and Romain Gaucher.

Testing Web Application Scanner Tools, 30 October 2007, Verify Conference, Elizabeth Fong and Romain Gaucher.

Source Code Security: WHY?, 9 August 2007, NIST SURF Review, Nathaniel Vaughn.

Designing test cases for security analyzers, 9 August 2007, NIST SURF Review, Jonathan Diamond.

C/C++/Java Source Code Obfuscator: A Filename Scrambler to Minimize Collisions, 1 August 2007, SAMATE Group Meeting, Cyril Lan.

SAMATE Update: Web App & Source Code Analysis Tools, July 2007, DHS Software Assurance Working Group, Paul E. Black.

Upcoming SAMATE Projects, May 2007, DHS Software Assurance Forum, Paul E. Black.

SAMATE, May 2007, NIST, Paul E. Black.

A Standard Reference Dataset (SRD) for Software Security, 5 March 2007, NIST, Paul E. Black.

Software Assurance Metrics And Tool Evaluation, 22 January 2007, DHS Software Assurance Forum, Paul E. Black.

SAMATE Source Code Security Analysis Specification, 22 January 2007, DHS Software Assurance Forum, Mike Kass.

SAMATE Source Code Analysis Tool Test Plan, 22 January 2007, DHS Software Assurance Forum, Mike Koo.

SAMATE Web Application Scanner Tool Testing, 22 January 2007, DHS Software Assurance Forum, Elizabeth Fong.

Effect of Source Code Analysis Tools on Software Security: Preliminary Assessment, 22 January 2007, DHS Software Assurance Forum, Vadim Okun.

Software Assurance Metrics And Tool Evaluation, or, Does the Emperor Really Have New Clothes?, October 2006, Tactical Information Assurance, Paul E. Black.

Software Assurance Metrics and Tool Evaluation to Enhance Software Security, 8 August 2006, NIST SURF Review, Jeff Meister.

Security Flaws & Testing, 14 April 2006, Virginia State University, Paul E. Black.

Languages, 14 April 2006, Virginia State University, Paul E. Black.

SAMATE and Web Application Vulnerability Assessment Tools, 16 March 2006, DHS Forum, Elizabeth Fong.

Secure Software Tool Evaluation, March 2006, Lawrence Livermore National Laboratory, Paul E. Black.

The SAMATE Project and How it Helps Enhance Software Trustworthiness, February 2006, OMG Technical Meeting, Vadim Okun.

The Software Assurance Metrics and Tool Evaluation (SAMATE) Project, October 2005, OWASP AppSec DC, Paul E. Black.

Software Assurance Metrics And Tool Evaluation, July 2005, DHS Software Assurance Forum, Paul E. Black.

Testing, SAMATE, and Metrics, April 2005, Workshop on Assessment of IT Forensic Tools, Paul E. Black.