Technical Advisory Panel
The NIST Software Assurance Metrics and Tool Evaluation (SAMATE) program began in 2005 to (1) test software security assurance evaluation tools, (2) measure the effectiveness of tools, and (3) identify gaps in tools and methods. Our scope is very broad: from operating systems to firewalls, from SCADA to web services, from source code analyzers to correct-by-construction methods. For each class of tool or method, we will lead test development and effectiveness measurement.
To reach these goals, the project needs a panel to advise on the following issues:
- A taxonomy of all software security assurance tools and methods.
- The order in which classes of tools and methods should be addressed.
- Identifying domain experts for each class to comment on specifications, test plans, and test cases.
We believe people with the following characteristics will be excellent panel members:
- expertise in software security and security assurance
- familiarity with many domains
- contact with the worldwide software security assurance community
- mix of academic, government, and industry
The panel meets face-to-face about once a year at mutually agreeable times and places. Between meetings, email is exchanged approximately bimonthly to comment on drafts or new tool classes.
The panel first met on April 3 & 4, 2007 at NIST.
This is not a funded position.
We seek additional members, especially from outside the United States.
- Chief Executive Officer
- KDM Analytics
Paul R. Croll
- Convener, ISO/IEC JTC1/SC7 WG9
- Industry Co-Chair, NDIA Systems Assurance Committee
- Computer Sciences Corporation
Brett D. Fleisch
- Program Director
- Parallel and Distributed Operating Systems
- Computing Systems Cluster
- U.S. National Science Foundation
- Global Chief Information Security Officer
- Tyco International
Joe Jarzombek, PMP
- Director for Software Assurance
- National Cyber Security Division
- U.S. Department of Homeland Security
Paul L. Jones
- Center for Devices and Radiological Health
- U.S. Food and Drug Administration
Pradeep K. Khosla
- Dean, College of Engineering
- Dowd Professor of Engineering
- Carnegie Mellon University
James W. Moore
- CSDP, F-IEEE
- The MITRE Corp
- Center for National Software Studies
- Dept. of Computer Science
- Univ. of Maryland
Daniel J. Quinlan
- Senior Research Scientist
- Lawrence Livermore National Laboratory
- Sam Redwine Consulting
Howard A. Schmidt
- President & CEO
- R & H Security Consulting LLC
- member, American Academy of Forensic Scientists
Kenneth R. van Wyk
- CERT Certified Computer Security Incident Handler
- KRvW Associates, LLC
- Science Applications International Corporation
- Information Assurance Directorate
- U.S. National Security Agency
Dr. David O. Ward
- Professor of Practice
- Department of Business and Information Technology
- Capitol College
- Chief Operating Officer
- Aspect Security