Static Analysis Summit II was held 8 and 9 November 2007. The workshop had a keynote address by Professor William Pugh, paper presentations, discussion sessions, a panel on "Obfuscation Versus Analysis: Who Will Win?", and a new technology demonstration fair. The workshop is one of a series by NIST's Software Assurance Metrics and Tool Evaluation (SAMATE) project, which is partially funded by DHS to help identify and enhance software security assurance tools. The Call for Papers pointed out that "Black-box" testing cannot realistically find maliciously implanted Trojan horses or subtle errors with many preconditions. For maximum assurance, static analysis must be applied to all levels of software artifacts, from models to source code to binaries. Static analyzers are quite capable and are developing quickly. Yet, developers, auditors, and examiners could use far more capabilities. The goal of this summit is to convene researchers, developers, and government and industrial users to define obstacles to such urgently-needed capabilities and try to identify feasible approaches to overcome them, either engineering ("solved" problems) or research. The Call for Papers solicited contributions describing basic research, applications, experience, or proposals relevant to static analysis tools, techniques, and their evaluation. These proceedings include the agenda, some notes on the discussions, and reviewed papers.
Citation: ADA Letters
Pub Type: Journals
Keywords: Homeland security, proceedings, SAMATE, static analysis tools, source code analyzer, software assurance.