NIST logo
*

Static Analysis Tool Exposition (SATE) V Experience Workshop

Purpose:

Software must be developed to have high quality: quality cannot be "tested in". However auditors, certifiers, and others must assess the quality of software they receive. "Black-box" software testing cannot realistically find maliciously implanted Trojan horses or subtle errors which have many preconditions. For maximum reliability and assurance, static analysis must be used in addition to good development and testing. Static analyzers are quite capable and are developing quickly. Yet, developers, auditors, and examiners could use far more capabilities.

The goals of the Static Analysis Tool Exposition (SATE) V are to:

  • Enable empirical research based on large test sets
  • Encourage improvement of tools
  • Speed adoption of tools by objectively demonstrating their use on real software
  •  

    Briefly, participating tool makers run their tools on a set of programs. Researchers led by NIST analyze the tool reports. This workshop is the first chance the public will have to hear SATE V observations and conclusions. For this edition the set of programs includes five large, open-source tools selected for having known (CVE-reported) vulnerabilities and also most of the Juliet test suite, almost 90,000 synthetic test cases in C/C++ and Java. We will also recognize sound analyzers through the SATE V Ockham Sound Analysis Criteria.

    Agenda:

    This workshop has two goals. First, gather participants and organizers of SATE to share experiences, report interesting observations, and discuss lessons learned. The workshop is also an opportunity for attendees to help shape the next exposition, SATE VI. 

    The second goal is to convene researchers, tool developers, and government and industrial users of software assurance tools to define obstacles to urgently-needed software assurance capabilities and identify engineering or research approaches to overcome them. This workshop follows similar workshops for SATE IV, SATE 2010, SATE 2009, and SATE 2008 (at SAW), the Static Analysis Summit II (at SIGAda 2007), and the first Static Analysis Summit in 2006.

    Security Instructions:

    If you are not registered, you will not be allowed on site. Registered attendees will receive security and campus instructions prior to the workshop.

    NON U.S. CITIZENS PLEASE NOTE: All foreign national visitors who do not have permanent resident status and who wish to register for the above meeting must supply additional information. Failure to provide this information prior to arrival will result, at a minimum, in significant delays (up to 24 hours) in entering the facility. Authority to gather this information is derived from United States Department of Commerce Department Administrative Order (DAO) number 207-12. When registration is open, the required NIST-1260 form will be available as well.

    Related Project(s):

    Details:

    Start Date: Friday, March 14, 2014
    End Date: Friday, March 14, 2014
    Location: NIST,100 Bureau Drive, Gaithersburg, MD, 20899
    Audience: Industry, Government, Academia
    Format: Workshop

    Registration:

    This is a free event. Registration is required. Registration closes COB March 7, 2014.

    Registration Contact:

     Angela Ellis, 301-975-3881

    Accommodations:

    Please visit our Visitors Page for information.

    Technical Contact: