The NIST Software Assurance Metrics and Tool Evaluation (SAMATE) program began in 2005 to (1) test software security assurance evaluation tools, (2) measure the effectiveness of tools, and (3) identify gaps in tools and methods. Our scope is very broad: from operating systems to firewalls, from SCADA to web services, from source code analyzers to correct-by-construction methods. For each class of tool or method, we will lead test development and effectiveness measurement.
To reach these goals, the project needs a panel to advise on the following issues:
- A taxonomy of all software security assurance tools and methods.
- The order in which classes of tools and methods should be addressed.
- Identifying domain experts for each class to comment on specifications, test plans, and test cases.
We believe people with the following characteristics will be excellent panel members:
- expertise in software security and security assurance
- familiarity with many domains
- contact with the worldwide software security assurance community
- mix of academic, government, and industry
The panel meets face-to-face about once a year at mutually agreeable times and places. Between meetings, email is exchanged approximately bimonthly to comment on drafts or new tool classes.
The panel first met on April 3 & 4, 2007 at NIST.
This is not a funded position.
We seek additional members, especially from outside the United States.
Members
Djenana Campara
Chief Executive Officer
KDM Analytics
Paul R. Croll
Convener, ISO/IEC JTC1/SC7 WG9
Industry Co-Chair, NDIA Systems Assurance Committee
Computer Sciences Corporation
Brett D. Fleisch
Program Director
Parallel and Distributed Operating Systems
Computing Systems Cluster
U.S. National Science Foundation
NSF/CISE/CNS
Gene Fredriksen
Global Chief Information Security Officer
Tyco International
Joe Jarzombek, PMP
Director for Software & Supply Chain Assurance
Office of Cyber Security and Communications
U.S. Department of Homeland Security
Paul L. Jones
Center for Devices and Radiological Health
U.S. Food and Drug Administration
Pradeep K. Khosla
Dean, College of Engineering
Dowd Professor of Engineering
Carnegie Mellon University
James W. Moore
CSDP, F-IEEE
The MITRE Corp
Don O'Neill
President
Center for National Software Studies
William Pugh
Dept. of Computer Science
Univ. of Maryland
Daniel J. Quinlan
Senior Research Scientist
Lawrence Livermore National Laboratory
Samuel Redwine
Principal
Sam Redwine Consulting
Howard A. Schmidt
President & CEO
R & H Security Consulting LLC
member, American Academy of Forensic Scientists
Kenneth R. van Wyk
CERT Certified Computer Security Incident Handler
KRvW Associates, LLC
Jeffrey Voas
Science Applications International Corporation
Larry Wagoner
Information Assurance Directorate
U.S. National Security Agency
Dr. David O. Ward
Professor of Practice
Department of Business and Information Technology
Capitol College
Dave Wichers
Chief Operating Officer
Aspect Security