Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

SAMATE Publications

Papers and Reports | Workshops | Other Publications

We also have a bibliography of other relevant papers and publications.

Papers and Reports

Workshops 

Other Presentations 

Many of these are available from us.

  • Toward a "Periodic Table" of Bugs, or, How Can I Really Tell What’s Wrong With My Code?, 18 November 2015, OWASP Northern Virginia Chapter, Paul E. Black.
  • SARD: A Software Assurance Reference Dataset, 10 September 2015, 2015 Cybersecurity Innovation Forum, Washington D.C., Paul E. Black.
  • Towards a "Periodic Table" of Bugs, 7 May 2015, 15th High Confidence Software and Systems Conference (HCSS), Annapolis, Maryland, Paul E. Black, Irena Bojanova, Yaacov Yesha, and Yan Wu.
  • A More Orthogonal Encyclopedia of Software Weaknesses than CWE, 15 April 2015, Software Security Assurance Exploratory Group, Washington, D.C., Paul E. Black, Irena Bojanova, Yaacov Yesha, and Yan Wu.
  • Toward Precise and Accurate Descriptions of Weaknesses, May 2014, 14th High Confidence Software and Systems Conference (HCSS), Annapolis, Maryland, Paul E. Black.
  • SATE V background, 14 March 2014, Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Vadim Okun.
  • Synthetic Test Cases (Juliet) Analysis Results, 14 March 2014, Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Aurelien Delaitre.
  • SATE V Ockham Sound Analysis Criteria, 14 March 2014, Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Paul E. Black.
  • CVE-Selected Analysis Results, 14 March 2014, Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Bertrand Stivalet.
  • Counting Bugs is Harder Than You Think, 26 October 2012, University of Pretoria, Paul E. Black.
  • Choosing the Right Software Assurance Tools, 18 September 2012, Software Assurance Forum Fall 2012, MITRE, Virginia, Paul E. Black.
  • Road to Confidence in IT Systems: SAMATE's SATE and SARD projects, 26 May 2012, Information Security and Privacy Advisory Board (ISPAB) Workshop (NIST), Paul E. Black.
  • Toward CWE Compatibility Effectiveness, 31 October 2011, 7th Annual IT Security Automation Conference, Paul E. Black.
  • Static Analysis & Static Analysis Tools: Their Role in Software Development, 28 October 2011, Information-technology Promotion Agency (IPA) Software Engineering Center, Japan, Paul E. Black. 
  • Software Vulnerabilities Precluded by SPARK, 6 May 2011, 11th annual High Confidence Software and Systems Conference, Paul E. Black.
  • View on Software Conformance Testing, 26 Aug 2010, Software Certification Consortium, Paul E. Black.
  • Static Analysis Tool Exposition (SATE) and Reality, 13 May 2010, NSA CAS Workshop at HCSS, Paul E. Black.
  • The Role of Static Analysis in Software Development, 16 April 2010, ACCU 2010, Paul E. Black.
  • Product Labeling, 11 March 2010, 12th Semi-Annual Software Assurance Forum, Paul E. Black.
  • Evaluating Static Analysis Tools, 8 July 2009, CNW at MIT/Lincoln Labs, Paul E. Black.
  • Static Analysis Tool Exposition (SATE), 17 June 2009, DHS SwA Forum, Vadim Okun.
  • Problems Counting Weaknesses from Static Analysis Tool Exposition (SATE), 22 May 2009, CAS SwA Forum at HCSS, Paul E. Black.
  • Code Transparency and Diagnostic Capabilities, 21 April 2009, SSTC, Paul E. Black.
  • Can Tools Help Software Assurance?, 29 August 2008, briefing to INFOSEC Research Council, Paul E. Black.
  • Briefing on Static Analysis Tool Exposition (SATE) 2008, 25 June 2008, Center for Assured Software (CAS) Software Assurance Workshop, Paul E. Black.
  • Observations on Static Analysis to Detect Weaknesses, 12 June 2008, SAW, Paul E. Black.
  • SATE 2008 background, 12 June 2008, SAW, Vadim Okun.
  • TT&PE Working Group Outbrief, 07 May 2008, DHS Forum Plenary Session, Michael Kass.
  • Software Bugtraps: Software That Makes Software Better, 7 May 2008, DHS Software Assurance Forum, Paul E. Black.
  • Code Transparency Panel: What's in YOUR Code?, 7 May 2008, DHS Software Assurance Forum, Paul E. Black (facilitator).
  • Coordinating Session for May DHS Forum, 31 March 2008, DHS Working Group Chair Strategy Meeting, Michael Kass.
  • Software Assurance Case NIST Role, 13 March 2008, OMG Software Assurance AB SIG meeting, Elizabeth Fong.
  • Panel Discussion on SwA Tool Testing, 11 March 2008, OMG Government Information Days, Michael Kass.
  • SAMATE Project Update; Understanding Web App Scanners, 31 January 2008, DHS Software Assurance Working Group, Paul E. Black and Romain Gaucher.
  • Testing Web Application Scanner Tools, 30 October 2007, Verify Conference, Elizabeth Fong and Romain Gaucher.
  • Source Code Security: WHY?, 9 August 2007, NIST SURF Review, Nathaniel Vaughn.
  • Designing test cases for security analyzers, 9 August 2007, NIST SURF Review, Jonathan Diamond.
  • C/C++/Java Source Code Obfuscator: A Filename Scrambler to Minimize Collisions, 1 August 2007, SAMATE Group Meeting, Cyril Lan.
  • SAMATE Update: Web App & Source Code Analysis Tools, July 2007, DHS Software Assurance Working Group, Paul E. Black.
  • Upcoming SAMATE Projects, May 2007, DHS Software Assurance Forum, Paul E. Black.
  • SAMATE, May 2007, NIST, Paul E. Black.
  • A Standard Reference Dataset (SRD) for Software Security, 5 March 2007, NIST, Paul E. Black.
  • Software Assurance Metrics And Tool Evaluation, 22 January 2007, DHS Software Assurance Forum, Paul E. Black.
  • SAMATE Source Code Security Analysis Specification, 22 January 2007, DHS Software Assurance Forum, Mike Kass.
  • SAMATE Source Code Analysis Tool Test Plan, 22 January 2007, DHS Software Assurance Forum, Mike Koo.
  • SAMATE Web Application Scanner Tool Testing, 22 January 2007, DHS Software Assurance Forum, Elizabeth Fong.
  • Effect of Source Code Analysis Tools on Software Security: Preliminary Assessment, 22 January 2007, DHS Software Assurance Forum, Vadim Okun.
  • Software Assurance Metrics And Tool Evaluation, or, Does the Emperor Really Have New Clothes?, October 2006, Tactical Information Assurance, Paul E. Black.
  • Software Assurance Metrics and Tool Evaluation to Enhance Software Security, 8 August 2006, NIST SURF Review, Jeff Meister.
  • Security Flaws & Testing, 14 April 2006, Virginia State University, Paul E. Black.
  • Languages, 14 April 2006, Virginia State University, Paul E. Black.
  • SAMATE and Web Application Vulnerability Assessment Tools, March 16, 2006, DHS Forum, Elizabeth Fong.
  • Secure Software Tool Evaluation, March 2006, Lawrence Livermore National Laboratory, Paul E. Black.
  • The SAMATE Project and How it Helps Enhance Software Trustworthiness, February 2006, OMG Technical Meeting, Vadim Okun.
  • The Software Assurance Metrics and Tool Evaluation (SAMATE) Project, October 2005, OWASP AppSec DC, Paul E. Black.
  • Software Assurance Metrics And Tool Evaluation, July 2005, DHS Software Assurance Forum, Paul E. Black.
  • Testing, SAMATE, and Metrics, April 2005, Workshop on Assessment of IT Forensic Tools, Paul E. Black.
Created February 3, 2021, Updated October 16, 2023