U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Vadim Okun (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 53

Report on Secure Hardware Assurance Reference Dataset (SHARD) Program

October 1, 2024
Author(s)
Paul E. Black, Vadim Okun
Significant vulnerabilities have been found in chips. Computer programs and methods have been developed to prevent, find, and mitigate them. We proposed Secure Hardware Assurance Reference Dataset (SHARD) as a repository of reference examples (test cases)

SATE VI Report: Bug Injection and Collection

June 14, 2023
Author(s)
Aurelien Delaitre, Paul E. Black, Damien Cupif, Guillaume Haben, Loembe Alex-Kevin, Vadim Okun, Yann Prono, Aurelien Delaitre
The SATE VI report presents the results of a security-focused bug finding evaluation exercise carried out from 2018 to 2023 on various code bases using static analysis tools. Existing bugs were extracted from bug tracker reports and the CVE/NVD database

Guidelines on Minimum Standards for Developer Verification of Software

October 6, 2021
Author(s)
Paul E. Black, Vadim Okun, Barbara Guttman
Executive Order (EO) 14028, Improving the Nation's Cybersecurity, 12 May 2021, directs the National Institute of Standards and Technology (NIST) to recommend minimum standards for software testing within 60 days. This document describes eleven

SATE V Report: Ten Years of Static Analysis Tool Expositions

October 23, 2018
Author(s)
Aurelien M. Delaitre, Bertrand C. Stivalet, Paul E. Black, Vadim Okun, Terry S. Cohen, Athos Ribeiro
Software assurance has been the focus of the National Institute of Standards and Technology (NIST) Software Assurance Metrics and Tool Evaluation (SAMATE) team for many years.The Static Analysis Tool Exposition (SATE) is one of the team’s prominent

Improving Software Assurance through Static Analysis Tool Expositions

October 31, 2017
Author(s)
Terry S. Cohen, Damien J. Cupif, Aurelien M. Delaitre, Charles Daniel De Oliveira, Elizabeth N. Fong, Vadim Okun
Multiple techniques and tools prove effective for software assurance. One technique that has grown in acceptance since the early 2000s is static analysis, which examines software for weaknesses without executing it. The National Institute of Standards and

A Rational Foundation for Software Metrology

January 20, 2016
Author(s)
David W. Flater, Paul E. Black, Elizabeth N. Fong, Raghu N. Kacker, Vadim Okun, Stephen S. Wood, David R. Kuhn
Much software research and practice involves ostensible measurements of software, yet little progress has been made on an SI-like metrological foundation for those measurements since the work of Gray, Hogan, et al. in 1996-2001. Given a physical object

Evaluating Bug Finders: Test and Measurement of Static Code Analyzers

May 23, 2015
Author(s)
Aurelien M. Delaitre, Bertrand C. Stivalet, Elizabeth N. Fong, Vadim Okun
Software static analysis is one of many options for finding bugs in software. Like compilers, static analyzers take a program as input. This paper covers tools that examine source code--without executing it--and output bug reports. Static analysis is a

Fuzz Testing for Software Assurance

March 1, 2015
Author(s)
Vadim Okun, Elizabeth N. Fong
Fuzz Testing, or fuzzing, is a software testing technique that involves providing invalid, unexpected, or random test inputs to the software system under test. The system is then monitored for crashes and other undesirable behavior. Fuzz testing can be

Of Massive Static Analysis Data

June 20, 2013
Author(s)
Aurelien M. Delaitre, Vadim Okun, Elizabeth N. Fong
Static analysis produces large amounts of data. The volume of data allows for new developments in research. Practical observations of the effectiveness of static analysis tools can be derived from that data. The question of tool statistical independence

Report on the Static Analysis Tool Exposition (SATE) IV

February 4, 2013
Author(s)
Vadim Okun, Aurelien M. Delaitre, Paul E. Black
The NIST SAMATE project conducted the fourth Static Analysis Tool Exposition (SATE IV) to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets

Report on the Third Static Analysis Tool Exposition (SATE 2010)

October 27, 2011
Author(s)
Vadim Okun, Paul E. Black, Aurelien M. Delaitre
The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project conducted the third Static Analysis Tool Exposition (SATE) in 2010 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were

The Second Static Analysis Tool Exposition (SATE) 2009

July 2, 2010
Author(s)
Vadim Okun, Paul E. Black, Aurelien M. Delaitre
The NIST SAMATE project conducted the second Static Analysis Tool Exposition (SATE) in 2009 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test