Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

SAMATE Publications

Papers and Reports | Workshops | Other Publications

We also have a bibliography of other relevant papers and publications.

Papers and Reports

Workshops 

Other Presentations 

Many of these are available from us.

  • Toward a "Periodic Table" of Bugs, or, How Can I Really Tell What’s Wrong With My Code?18 November 2015OWASP Northern Virginia ChapterPaul E. Black.
  • SARD: A Software Assurance Reference Dataset10 September 2015, 2015 Cybersecurity Innovation Forum, Washington D.C., Paul E. Black.
  • Towards a "Periodic Table" of Bugs7 May 201515th High Confidence Software and Systems Conference (HCSS), Annapolis, Maryland, Paul E. Black, Irena Bojanova, Yaacov Yesha, and Yan Wu.
  • A More Orthogonal Encyclopedia of Software Weaknesses than CWE15 April 2015, Software Security Assurance Exploratory Group, Washington, D.C., Paul E. Black, Irena Bojanova, Yaacov Yesha, and Yan Wu.
  • Toward Precise and Accurate Descriptions of WeaknessesMay 201414th High Confidence Software and Systems Conference (HCSS), Annapolis, Maryland, Paul E. Black.
  • SATE V background14 March 2014Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Vadim Okun.
  • Synthetic Test Cases (Juliet) Analysis Results14 March 2014Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Aurelien Delaitre.
  • SATE V Ockham Sound Analysis Criteria14 March 2014Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Paul E. Black.
  • CVE-Selected Analysis Results14 March 2014Static Analysis Tool Exposition Workshop (SATE V), NIST, Gaithersburg, Maryland, Bertrand Stivalet.
  • Counting Bugs is Harder Than You Think26 October 2012, University of Pretoria, Paul E. Black.
  • Choosing the Right Software Assurance Tools18 September 2012, Software Assurance Forum Fall 2012, MITRE, Virginia, Paul E. Black.
  • Road to Confidence in IT Systems: SAMATE's SATE and SARD projects26 May 2012, Information Security and Privacy Advisory Board (ISPAB) Workshop (NIST), Paul E. Black.
  • Toward CWE Compatibility Effectiveness31 October 2011, 7th Annual IT Security Automation Conference, Paul E. Black.
  • Static Analysis & Static Analysis Tools: Their Role in Software Development28 October 2011, Information-technology Promotion Agency (IPA) Software Engineering Center, Japan, Paul E. Black
  • Software Vulnerabilities Precluded by SPARK6 May 2011, 11th annual High Confidence Software and Systems Conference, Paul E. Black.
  • View on Software Conformance Testing26 Aug 2010, Software Certification Consortium, Paul E. Black.
  • Static Analysis Tool Exposition (SATE) and Reality13 May 2010, NSA CAS Workshop at HCSS, Paul E. Black.
  • The Role of Static Analysis in Software Development16 April 2010ACCU 2010Paul E. Black.
  • Product Labeling11 March 2010, 12th Semi-Annual Software Assurance Forum, Paul E. Black.
  • Evaluating Static Analysis Tools8 July 2009, CNW at MIT/Lincoln Labs, Paul E. Black.
  • Static Analysis Tool Exposition (SATE)17 June 2009, DHS SwA Forum, Vadim Okun.
  • Problems Counting Weaknesses from Static Analysis Tool Exposition (SATE)22 May 2009, CAS SwA Forum at HCSS, Paul E. Black.
  • Code Transparency and Diagnostic Capabilities21 April 2009, SSTC, Paul E. Black.
  • Can Tools Help Software Assurance?29 August 2008, briefing to INFOSEC Research Council, Paul E. Black.
  • Briefing on Static Analysis Tool Exposition (SATE) 200825 June 2008, Center for Assured Software (CAS) Software Assurance Workshop, Paul E. Black.
  • Observations on Static Analysis to Detect Weaknesses12 June 2008SAWPaul E. Black.
  • SATE 2008 background12 June 2008SAWVadim Okun.
  • TT&PE Working Group Outbrief, 07 May 2008, DHS Forum Plenary Session, Michael Kass.
  • Software Bugtraps: Software That Makes Software Better7 May 2008, DHS Software Assurance Forum, Paul E. Black.
  • Code Transparency Panel: What's in YOUR Code?7 May 2008, DHS Software Assurance Forum, Paul E. Black (facilitator).
  • Coordinating Session for May DHS Forum31 March 2008, DHS Working Group Chair Strategy Meeting, Michael Kass.
  • Software Assurance Case NIST Role13 March 2008, OMG Software Assurance AB SIG meeting, Elizabeth Fong.
  • Panel Discussion on SwA Tool Testing11 March 2008, OMG Government Information Days, Michael Kass.
  • SAMATE Project Update; Understanding Web App Scanners31 January 2008, DHS Software Assurance Working Group, Paul E. Black and Romain Gaucher.
  • Testing Web Application Scanner Tools30 October 2007, Verify Conference, Elizabeth Fong and Romain Gaucher.
  • Source Code Security: WHY?9 August 2007, NIST SURF Review, Nathaniel Vaughn.
  • Designing test cases for security analyzers9 August 2007, NIST SURF Review, Jonathan Diamond.
  • C/C++/Java Source Code Obfuscator: A Filename Scrambler to Minimize Collisions1 August 2007, SAMATE Group Meeting, Cyril Lan.
  • SAMATE Update: Web App & Source Code Analysis ToolsJuly 2007, DHS Software Assurance Working Group, Paul E. Black.
  • Upcoming SAMATE ProjectsMay 2007, DHS Software Assurance Forum, Paul E. Black.
  • SAMATEMay 2007, NIST, Paul E. Black.
  • A Standard Reference Dataset (SRD) for Software Security5 March 2007, NIST, Paul E. Black.
  • Software Assurance Metrics And Tool Evaluation22 January 2007, DHS Software Assurance Forum, Paul E. Black.
  • SAMATE Source Code Security Analysis Specification22 January 2007, DHS Software Assurance Forum, Mike Kass.
  • SAMATE Source Code Analysis Tool Test Plan22 January 2007, DHS Software Assurance Forum, Mike Koo.
  • SAMATE Web Application Scanner Tool Testing22 January 2007, DHS Software Assurance Forum, Elizabeth Fong.
  • Effect of Source Code Analysis Tools on Software Security: Preliminary Assessment22 January 2007, DHS Software Assurance Forum, Vadim Okun.
  • Software Assurance Metrics And Tool Evaluation, or, Does the Emperor Really Have New Clothes?October 2006, Tactical Information Assurance, Paul E. Black.
  • Software Assurance Metrics and Tool Evaluation to Enhance Software Security8 August 2006, NIST SURF Review, Jeff Meister.
  • Security Flaws & Testing14 April 2006, Virginia State University, Paul E. Black.
  • Languages14 April 2006, Virginia State University, Paul E. Black.
  • SAMATE and Web Application Vulnerability Assessment ToolsMarch 16, 2006, DHS Forum, Elizabeth Fong.
  • Secure Software Tool EvaluationMarch 2006, Lawrence Livermore National Laboratory, Paul E. Black.
  • The SAMATE Project and How it Helps Enhance Software TrustworthinessFebruary 2006, OMG Technical Meeting, Vadim Okun.
  • The Software Assurance Metrics and Tool Evaluation (SAMATE) ProjectOctober 2005, OWASP AppSec DC, Paul E. Black.
  • Software Assurance Metrics And Tool EvaluationJuly 2005, DHS Software Assurance Forum, Paul E. Black.
  • Testing, SAMATE, and MetricsApril 2005, Workshop on Assessment of IT Forensic Tools, Paul E. Black.
Created February 3, 2021, Updated July 16, 2021