Paul E. Black
Computer Scientist, NIST
paul.black@nist.gov
+1 301-975-4794

OWASP AppSec DC, October 2005

This is a work of the U.S. Government and is not subject to copyright protection in the United States.

The OWASP Foundation
http://www.owasp.org/
Outline
  Surveys
    Tools
    Researchers and companies
    Workshops & conference sessions
  Taxonomy of software assurance (SwA) functions & techniques
  Order of importance (cost/benefit, criticalities, …)
  Gaps and research agendas
  Studies to develop metrics
  Enable tool evaluations
    Write detailed specification
    Develop test plans and reference material
    Collect tool evaluations, case studies, and comparisons
  http://samate.nist.gov/
OWASP AppSec DC 2005 3
Taxonomy of SwA Tool Functions and Techniques

[Figure: project roadmap diagram. Labels recoverable from the slide: Workshop 1; SwA tool classes strawman; Workshop 2; testing matrix; research gaps; Spec 1 draft; Workshop 3; metrics studies; spec.]
Why Look at Checking First?

[Figure: analogy between measuring temperature and measuring software assurance, shown as three levels of measurement]
  Qualitative comparison: warmer, colder (temperature); buggy, secure (software)
  Measured value
  Derived units: Heat energy = smt (temperature); Software assurance ≈ pt (software)
Benefits of SAMATE Project
Paul E. Black
Project Leader
Software Diagnostics & Conformance Testing Division, Software Quality Group, Information Technology Laboratory, NIST
paul.black@nist.gov