Opaque Wrappers and Patching: Negative Results, November 2019, Computer, 52(12):89-93, Paul E. Black and Monika Singh. DOI 10.1109/MC.2019.2936071. PMCID PMC7066996.
SARD: Thousands of Reference Programs for Software Assurance, October 2017, Journal of Cyber Security and Information Systems - Tools & Testing Techniques for Assured Software - DoD Software Assurance Community of Practice: Volume 2, 5(3):6-13, Paul E. Black.
Improving Software Assurance through Static Analysis Tool Expositions, October 2017, Journal of Cyber Security and Information Systems - Tools & Testing Techniques for Assured Software - DoD Software Assurance Community of Practice: Volume 2, 5(3):14-22, Terry S. Cohen, Damien Cupif, Aurelien Delaitre, Charles D. De Oliveira, Elizabeth Fong, and Vadim Okun.
Impact of Code Complexity on Software Analysis, February 2017, NIST Internal Report (IR) 8165 Update 1, Charles D. DeOliveira, Elizabeth Fong, and Paul E. Black. DOI 10.6028/NIST.IR.8165-upd1.
Defeating Buffer Overflow: A Trivial but Dangerous Bug, November/December 2016, IT Professional, 18(6):58-61, Paul E. Black and Irena Bojanova. DOI 10.1109/MITP.2016.117.
Report of the Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV), October 2016, National Institute of Standards and Technology (NIST) Special Publication (SP) 500-320, Paul E. Black and Elizabeth Fong. DOI 10.6028/NIST.SP.500-320.
The Bugs Framework (BF): A Structured Approach to Express Bugs, August 2016, 2016 IEEE International Conference on Software Quality, Reliability, and Security (QRS 2016), Vienna, Austria, Irena Bojanova, Paul E. Black, Yaacov Yesha, and Yan Wu. DOI 10.1109/QRS.2016.29.
Juliet 1.1 C/C++ and Java Test Suite, October 2012, Computer, 45(10):88-90, Tim Boland and Paul E. Black. DOI 10.1109/MC.2012.345.
Static Analyzers: Seat Belts for Your Code, May-June 2012, Security & Privacy, 10(3):48-52, Paul E. Black. DOI 10.1109/MSP.2012.2.
Software Vulnerabilities Precluded by SPARK, November 2011, ACM Int'l Conf. on Ada and Related Technologies: Engineering Safe, Secure, and Reliable Software (SIGAda 2011), Paul E. Black (NIST), Chris E. Dupilka (U.S. DoD), F. David Jones, and Joyce Tokar (Pyrrhus Software).
Counting Bugs is Harder Than You Think, September 2011, 11th IEEE Int'l Working Conference on Source Code Analysis and Manipulation (SCAM 2011), Williamsburg, VA, Paul E. Black.
BF Keynote-Explainable Vulnerabilities Descriptions with NIST BF, 31 October 2022, IEEE International Symposium on Software Reliability Engineering, Software Hardware Interaction Faults & International Workshop on Software Faults (ISSRE, SHIFT & IWSF 2022), Irena Bojanova.
Information Exposure (IEX): A New Class in the Bugs Framework (BF), 15 July 2019, 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Irena Bojanova.
Bugs Framework (BF), 1 February 2018, Networking and Information Technology Research and Development (NITRD) Program, National Coordination Office (NCO), SPSQ, Irena Bojanova, Paul E. Black.
A More Orthogonal Encyclopedia of Software Weaknesses than CWE, 15 April 2015, Software Security Assurance Exploratory Group, Washington, D.C., Paul E. Black, Irena Bojanova, Yaacov Yesha, and Yan Wu.
Formalizing Software Bugs, 9 December 2014, NIST ITL SSD Division Chief meeting with the Information-technology Promotion Agency (IPA), Japan delegation, NIST 222/A318, Irena Bojanova.
Counting Bugs is Harder Than You Think, 26 October 2012, University of Pretoria, Paul E. Black.
Choosing the Right Software Assurance Tools, 18 September 2012, Software Assurance Forum Fall 2012, MITRE, Virginia, Paul E. Black.
Road to Confidence in IT Systems: SAMATE's SATE and SARD projects, 26 May 2012, Information Security and Privacy Advisory Board (ISPAB) Workshop (NIST), Paul E. Black.
Toward CWE Compatibility Effectiveness, 31 October 2011, 7th Annual IT Security Automation Conference, Paul E. Black.
Static Analysis & Static Analysis Tools: Their Role in Software Development, 28 October 2011, Information-technology Promotion Agency (IPA) Software Engineering Center, Japan, Paul E. Black.
Designing test cases for security analyzers, 9 August 2007, NIST SURF Review, Jonathan Diamond.
C/C++/Java Source Code Obfuscator: A Filename Scrambler to Minimize Collisions, 1 August 2007, SAMATE Group Meeting, Cyril Lan.
SAMATE Update: Web App & Source Code Analysis Tools, July 2007, DHS Software Assurance Working Group, Paul E. Black.
Upcoming SAMATE Projects, May 2007, DHS Software Assurance Forum, Paul E. Black.
SAMATE, May 2007, NIST, Paul E. Black.
A Standard Reference Dataset (SRD) for Software Security, 5 March 2007, NIST, Paul E. Black.
Software Assurance Metrics And Tool Evaluation, 22 January 2007, DHS Software Assurance Forum, Paul E. Black.
SAMATE Source Code Security Analysis Specification, 22 January 2007, DHS Software Assurance Forum, Mike Kass.
SAMATE Source Code Analysis Tool Test Plan, 22 January 2007, DHS Software Assurance Forum, Mike Koo.
SAMATE Web Application Scanner Tool Testing, 22 January 2007, DHS Software Assurance Forum, Elizabeth Fong.
Effect of Source Code Analysis Tools on Software Security: Preliminary Assessment, 22 January 2007, DHS Software Assurance Forum, Vadim Okun.
Software Assurance Metrics And Tool Evaluation, or, Does the Emperor Really Have New Clothes?, October 2006, Tactical Information Assurance, Paul E. Black.
Software Assurance Metrics and Tool Evaluation to Enhance Software Security, 8 August 2006, NIST SURF Review, Jeff Meister.
Security Flaws & Testing, 14 April 2006, Virginia State University, Paul E. Black.
Languages, 14 April 2006, Virginia State University, Paul E. Black.
SAMATE and Web Application Vulnerability Assessment Tools, March 16, 2006, DHS Forum, Elizabeth Fong.
Secure Software Tool Evaluation, March 2006, Lawrence Livermore National Laboratory, Paul E. Black.
The SAMATE Project and How it Helps Enhance Software Trustworthiness, February 2006, OMG Technical Meeting, Vadim Okun.
The Software Assurance Metrics and Tool Evaluation (SAMATE) Project, October 2005, OWASP AppSec DC, Paul E. Black.
Software Assurance Metrics And Tool Evaluation, July 2005, DHS Software Assurance Forum, Paul E. Black.
Testing, SAMATE, and Metrics, April 2005, Workshop on Assessment of IT Forensic Tools, Paul E. Black.