Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Vadim Okun; Romain Gaucher; Paul E. Black;|
|Title:||Static Analysis Tool Exposition (SATE) 2008|
|Published:||June 22, 2009|
|Abstract:||The NIST SAMATE project conducted the first Static Analysis Tool Exposition (SATE) in 2008 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets and to encourage improvement and speed adoption of tools. The exposition was planned to be an annual event. Briefly, participating tool makers ran their tool on a set of programs. Researchers led by NIST performed a partial analysis of tool reports. The results and experiences were reported at the Static Analysis Workshop in Tucson, AZ, in June, 2008. The tool reports and analysis were made publicly available in early 2009. This special publication consists of the following papers. "Review of the First Static Analysis Tool Exposition (SATE 2008)" by Vadim Okun, Romain Gaucher, and Paul E. Black, describes the SATE procedure, provides observations based on the data collected, and critiques the exposition, including the lessons learned that may help future expositions. Paul Anderson's "Commentary on CodeSonar's SATE Results" has comments by one of the participating tool makers. Steve Christey presents his experiences in analysis of tool reports and discusses the SATE issues in "SATE Lessons Learned and Future Directions".|
|Citation:||Special Publication (NIST SP) - 500-279|
|Pages:||pp. 1 - 64|
|Keywords:||Software security, static analysis tools, security weaknesses, vulnerability|
|PDF version:||Click here to retrieve PDF version of paper (736KB)|