Tool Survey
From SAMATE
Classes of Tools & Techniques
Here is a list of classes of software security assurance functions, classified according to our tool taxonomy. The first group has web pages with comments or notes about each class; the last group in the table does not yet have web pages.
Class | Process | Automation | Approach | Viewpoint
---|---|---|---|---
Assurance Case Tools | SWE manage | 1 | Mitigate(?) | Int
Safer Languages | Implementation | 0 | Preclude | Int
Design/Modeling Verification Tools | Design | 2/3 | Detect | Int
Source Code Security Analyzers, Byte Code Scanners, Binary Code Scanners (SWEBOK 10 1.9) | Test | 2 | Detect | Int
Web Application Scanners | Test/Operation | 2 | Detect | Ext
Intrusion Detectors | Operation | 2 | Detect | Int
Network Scanners | Operation | 2 | Detect | Ext
Requirements Verification Tools | Requirements | 2/3 | Detect | Int
Architecture Design Tools | Design | 1 | Preclude | Int
Dynamic Analysis Tools | Test | 1 | Detect | Ext
Web Services Network Scanners | Test/Operation | 2 | Detect | Ext
Database Scanning Tools | Operation | 2 | Detect | Int
Anti-Spyware Tools (a system assurance class, not a software assurance class) | Operation | 2/3 | Detect/React | Int
Tool Integration Frameworks | Test/Operation | 2 | Detect | Int

The following classes do not yet have web pages.

Class | Process | Automation | Approach | Viewpoint
---|---|---|---|---
Requirements modeling or tracing tools | Requirements | 1/2 | Detect | Int
Use cases | Requirements | 0 | Detect | Int
Constructive Approaches (Correct by construction) | Design/Implementation | 1/2 | Preclude | Int
Compiler, error checking | Implementation | 3 | Detect | Int
Compiler, safety enforcing | Implementation | 3 | Preclude | Int
Configuration management (SWEBOK 10 1.6) | Config manage | 0/2 | Preclude | Int
Test generators, execution frameworks, test evaluation, test management, performance analysis (SWEBOK 10 1.4); source code or binary fault injection, fault propagation analysis, fuzz testing (Goertzel 4.1.4.4.4-.9) | Test | 1/2 | Detect | Int
Code review assistants (SWEBOK 10 1.9) | Test | 1 | Detect | Int
Operator training | Operation | 1 | Preclude | Ext
Firewall, Virtual Patch, or Wrapper | Operation | 3 | Mitigate | Int
Forensic Security Analysis (Goertzel 4.1.4.4.12) | Operation | 1/2 | React | Int
Software engineering management (SWEBOK 10 1.7) | SWE manage | 0/2 | Preclude | Int
Software engineering process (SWEBOK 10 1.8) | SWE process | 0/2 | Preclude | Int