|Author(s):||Hsiao-Ming M. Koo; Romain Gaucher; Charline Cleraux; Jenise Reyes Rodriguez|
|Title:||Source Code Security Analysis Tool Test Plan|
|Published:||October 04, 2011|
|Abstract:||This document provides a set of metrics, including test suites and methods, to determine how well a particular source code security analysis tool conforms to the requirements specified in Source Code Security Analysis Tool Functional Specification Version 1.0 [SCA]. Each relevant programming language in [SCA] has a corresponding set of test suites. The test suites are intended to be used by tool developers and tool users alike to increase their level of confidence in product quality. Each test suite consists of test cases that are designed to evaluate against various requirements of [SCA], including mandatory features and optional features. Each test case contains a test description, the weakness contained in the test case, the expected result and test code. The detailed information of the test case, such as start parameters, procedures for executing a test file and the test file itself, can be retrieved from the SAMATE Reference Dataset (SRD) http://samate.nist.gov/SRD/. As this document evolves, new versions will be posted to the web site at http://samate.nist.gov/index.php/Source_Code_Security_Analysis.html.|
|Citation:||Special Publication (NIST SP) - 500-270|
|Keywords:||Source code security analysis tool, test plan, test methodology, test suite|
|Research Areas:||Conformance Testing|
|PDF version:||Click here to retrieve PDF version of paper (557KB)|