The SAMATE Project Department of Homeland Security

Source Code Security Analysis


For our purposes, a source code security analyzer

  1. examines source code to
  2. detect and report weaknesses that can lead to security vulnerabilities.

Specifications

Source Code Security Analysis Tool Functional Specification Version 1.1, NIST Special Publication 500-268, February 2011, http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268_v1.1.pdf
This version 1.1 updates version 1.0 by adding the SPARK language in Annex A and improving explanations.

Earlier version

Source Code Security Analysis Tool Functional Specification Version 1.0, NIST Special Publication 500-268, May 2007, http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf

Drafts

Test Plan

Source Code Security Analysis Tool Test Plan Version 1.1, NIST Special Publication 500-270, July 2011, http://samate.nist.gov/docs/source_code_security_analysis_tool_test_plan_SP500-270.pdf
This version 1.1 updates version 1.0 by adding Java test suites and updating C/C++ test suites.

Earlier versions

Source Code Security Analysis Tool Test Plan Version 1.0, NIST Special Publication 500-270,

Tool Instances