Source Code Security Analysis
From SAMATE
For our purposes, a source code security analyzer examines source code to detect and report weaknesses that can lead to security vulnerabilities.
Specifications
Source Code Security Analysis Tool Functional Specification Version 1.1, NIST Special Publication 500-268, February 2011, http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268_v1.1.pdf
This version 1.1 updates version 1.0 by adding the SPARK language in Annex A and improving explanations.
Earlier version
Source Code Security Analysis Tool Functional Specification Version 1.0, NIST Special Publication 500-268, May 2007, http://samate.nist.gov/docs/source_code_security_analysis_spec_SP500-268.pdf
Drafts
- 7 May 2007 DRAFT http://samate.nist.gov/docs/source_code_security_analysis_tool_spec_05_07_07.pdf
- 29 January 2007 DRAFT http://samate.nist.gov/docs/source_code_security_analysis_tool_spec_01_29_07.pdf
- 15 Sept 2006 DRAFT http://samate.nist.gov/docs/source_code_security_analysis_tool_spec_09_15_06.pdf
Test Plan
Source Code Security Analysis Tool Test Plan Version 1.1, NIST Special Publication 500-270, July 2011, http://samate.nist.gov/docs/source_code_security_analysis_tool_test_plan_SP500-270.pdf
This version 1.1 updates version 1.0 by adding Java test suites and updating C/C++ test suites.
Earlier versions
Source Code Security Analysis Tool Test Plan Version 1.0, NIST Special Publication 500-270,
- 9 January 2008 DRAFT http://samate.nist.gov/docs/source_code_security_analysis_test_plan_01_09_08.pdf
- 9 March 2007 DRAFT http://samate.nist.gov/docs/source_code_security_analysis_test_plan_03_09_07.pdf
Tool Instances
