Search Publications by: Paul E. Black (Assoc)

Displaying 76 - 100 of 180

Report on the Third Static Analysis Tool Exposition (SATE 2010)

October 27, 2011
Author(s)
Vadim Okun, Paul E. Black, Aurelien M. Delaitre
The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project conducted the third Static Analysis Tool Exposition (SATE) in 2010 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were

Counting Bugs is Harder Than You Think

October 20, 2011
Author(s)
Paul E. Black
Software Assurance Metrics And Tool Evaluation (SAMATE) is a broad, inclusive project at the U.S. National Institute of Standards and Technology (NIST) with the goal of improving software assurance by developing materials, specifications, and methods to

NIST SP 500-268, Source Code Security Analysis Tool Function Specification Version 1.1

February 28, 2011
Author(s)
Elizabeth N. Fong, Paul E. Black, Michael J. Kass, Hsiao-Ming M. Koo
Software assurance tools are a fundamental resource to improve assurance in today's software applications. Some tools analyze software requirements or design models to help determine if an application is secure. Others analyze source code or executables

The Second Static Analysis Tool Exposition (SATE) 2009

July 2, 2010
Author(s)
Vadim Okun, Paul E. Black, Aurelien M. Delaitre
The NIST SAMATE project conducted the second Static Analysis Tool Exposition (SATE) in 2009 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test

Static Analysis Tool Exposition (SATE) 2008

June 22, 2009
Author(s)
Vadim Okun, Romain Gaucher, Paul E. Black
The NIST SAMATE project conducted the first Static Analysis Tool Exposition (SATE) in 2008 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test

Cyber Security Metrics and Measures

March 2, 2009
Author(s)
Paul E. Black, Karen A. Scarfone, Murugiah P. Souppaya
Metrics are tools to facilitate decision making and improve performance and accountability. Measures are quantifiable, observable, and objective data supporting metrics. Operators can use metrics to apply corrective actions and improve performance

Static Analyzers in Software Engineering

March 2, 2009
Author(s)
Paul E. Black
Static analyzers can report possible problems in code and help reinforce good practices of developers. We contrast the strengths of static analyzers with testing and indicate the current state of the art.

Proceedings of the Static Analysis Workshop (SAW 2008)

June 12, 2008
Author(s)
Paul E. Black, Elizabeth N. Fong
Static Analysis Workshop (SAW 2008) was held on June 12, 2008 in Tucson, Arizona and was co-located with ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation (PLDI 2008). This workshop followed Static Analysis Summit, held in 2006

Proceedings of Static Analysis Summit II

April 1, 2008
Author(s)
Paul E. Black, Elizabeth N. Fong
Static Analysis Summit II was held 8 and 9 November 2007. The workshop had a keynote address by Professor William Pugh, paper presentations, discussion sessions, a panel on "Obfuscation Versus Analysis Who Will Win?", and a new technology demonstration fair

Building a Test Suite for Web Application Scanners

January 7, 2008
Author(s)
Elizabeth N. Fong, Romain Gaucher, Vadim Okun, Paul E. Black, Eric Dalci
This paper describes the design of a test suite for thorough evaluation of web application scanners. Web application scanners are automated, black-box testing tools that examine web applications for security vulnerabilities. For several common

Effect of Static Analysis Tools on Software Security: Preliminary Investigation

October 29, 2007
Author(s)
Vadim Okun, William F. Guthrie, Romain Gaucher, Paul E. Black
Static analysis tools can handle large-scale software and find thousands of defects. But do they improve software security? We evaluate the effect of static analysis tool use on software security in open source projects. We measure security by