Software must be developed to have high quality: quality cannot be "tested in". However auditors, certifiers, and others must assess the quality of software they receive. "Black-box" software testing cannot realistically find maliciously implanted Trojan horses or subtle errors which have many preconditions. For maximum reliability and assurance, static analysis must be used in addition to good development and testing. Static analyzers are quite capable and are developing quickly. Yet, developers, auditors, and examiners could use far more capabilities.
The goals of the Static Analysis Tool Exposition (SATE) V are to:
Briefly, participating tool makers run their tools on a set of programs. Researchers led by NIST analyze the tool reports. This workshop is the first chance the public will have to hear SATE V observations and conclusions. For this edition the set of programs includes five large, open-source tools selected for having known (CVE-reported) vulnerabilities and also most of the Juliet test suite, almost 90,000 synthetic test cases in C/C++ and Java. We will also recognize sound analyzers through the SATE V Ockham Sound Analysis Criteria.
Please visit our Visitors Page for information.
If you are not registered, you will not be allowed on site. Registered attendees will receive security and campus instructions prior to the workshop.
NON U.S. CITIZENS PLEASE NOTE: All foreign national visitors who do not have permanent resident status and who wish to register for the above meeting must supply additional information. Failure to provide this information prior to arrival will result, at a minimum, in significant delays (up to 24 hours) in entering the facility. Authority to gather this information is derived from United States Department of Commerce Department Administrative Order (DAO) number 207-12. When registration is open, the required NIST-1260 form will be available as well.