SAMATE and Evaluating Static Analysis Tools
Author
Abstract
We give some background on the Software Assurance Metrics And Tool Evaluation (SAMATE) project and our decision to work on static source code security analyzers. We give our experience bringing government, vendors, and users together to develop a specification and tests to evaluate such analyzers. We also present preliminary results of our study on whether such tools reduce vulnerabilities in practice.
Similar resources
Impact of Code Complexity On Software Analysis
The Software Assurance Metrics and Tool Evaluation (SAMATE) team studied thousands of warnings from static analyzers. Tools have difficulty distinguishing between the absence of a weakness and the presence of a weakness that is buried in otherwise-irrelevant code elements. This paper presents classes of these code elements, which we call “code complexities.” They have been present in software a...
Static Analysis Tool Exposition (SATE) 2008 Editors: Vadim Okun Romain
The NIST SAMATE project conducted the first Static Analysis Tool Exposition (SATE) in 2008 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets and to encourage improvement and speed adoption of tools. The exposition was planned to be an annual event. Briefly, participating tool ...
Report on the Third Static Analysis Tool Exposition (SATE 2010) Editors: Vadim Okun
The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project conducted the third Static Analysis Tool Exposition (SATE) in 2010 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets, encourage improvements to tools, and promote broader and more rapid adoption of tools ...
Evaluating the Validity of Quasi-Static Analysis for Prediction of Vessel Mooring Line Forces
Quasi-Static analysis of moored vessels is vastly used for engineering designs, as a substitute to the numerical simulation of dynamic mooring analysis. Yet, the level of validity of the results of quasi-static analysis is a matter of discussion. In the present study, the validation of the assumptions behind the quasi-static analysis of mooring vessels is examined with application of a dynamic ...
Numerical Computation of Rolling Resistance Based on the Result of Tire/Road Static Contact Analysis
Among various dissipating mechanisms, the viscoelastic effect of rubber material on creation of rolling resistance is responsible for 10-33% dissipation of supplied power at the tire/road interaction surface. So, evaluating this kind of loss is very essential in any analysis concerned with improving the fuel consumption of vehicles and resultantly energy savage. Hysteretic loss is a fraction of...