
Planning for SATE V


Presentation Transcript


1. Planning for SATE V
Paul E. Black, National Institute of Standards and Technology, http://www.nist.gov/, paul.black@nist.gov

2. Thorns, Roses, and Buds
What should we
• … not do again?
• … continue doing?
• … start doing?
Well?

3. Tool Users: What Do You Want From SATE? How Can It Help?
SATE IV goals are:
• Enable empirical research based on large test sets
• Encourage improvement of tools
• Speed adoption of tools by objectively demonstrating their use on real software

4. What tracks and objects?
• Keep PHP?
• Add more languages: C#?
• Add binaries?
  • Precompiled, so the tool maker doesn’t have to fiddle with options, compiler, etc.
• Focus on concurrency and threading?
  • deadlock detection
  • race conditions
• Malicious code (backdoor) detection?

5. Procedure or Scope Changes?
• Parallel static and black box/dynamic/web app scanner tracks on the same test set?
  • Further: the test set is one program, and code reviewers, testers, fuzzers, etc. play too
• Go beyond security to general quality & bug finding?
• We want to use the SAFES format to receive warning reports, and CCR (Claims Coverage Representation) for declaring what tools look for.

6. Possible time line
• Recruit users for the program planning committee
• Organizing meeting in the fall, say October
• Begin concentrated work in Jan/Feb 2013
  • recruit participants and choose test cases
• Release test cases in April 2013
• Teams submit results in July
• We finish analysis in October
• Next workshop in December

7. Who Participates?
• How can we spread invitations wider?
• Who should we recruit?
  • Broaden the set of organizers
  • Program planning committee
  • Analyzers
• Don’t share results, so that more tool makers participate?

8. On behalf of the organizers, participants, and program committee: Thank you!