
Page 1: Planning for SATE V

Paul E. Black
National Institute of Standards and Technology
http://www.nist.gov/
paul.black@nist.gov

Page 2: Thorns, Roses, and Buds

April 19, 2023 Paul E. Black 2

What should we …
… not do again?
… continue doing?
… start doing?

Well?

Page 3: Tool Users: What Do You Want From SATE? How Can It Help?

SATE IV goals are
– Enable empirical research based on large test sets,
– Encourage improvement of tools,
– Speed adoption of tools by objectively demonstrating their use on real software.

Page 4: What tracks and objects?

Keep PHP?
Add more languages: C#?
Add binaries?
– Precompiled, so tool maker doesn’t have to fiddle with options, compiler, etc.
Focus on concurrency and threading?
– deadlock detection
– race conditions
Malicious code (backdoor) detection?

Page 5: Procedure or Scope Changes?

Parallel static and black box/dynamic/web app scanner tracks on the same test set?

Further: the test set is one program, and code reviewers, testers, fuzzers, etc. play, too

Go beyond security to general quality & bug finding?

We want to use the SAFES format to receive warning reports, and CCR (Claims Coverage Representation) for declaring what tools look for.

Page 6: Possible time line

Recruit users for program planning committee
Organizing meeting in the fall, say October
Begin concentrated work in Jan/Feb 2013
– recruit participants and choose test cases
Release test cases in April 2013
Teams submit results in July
We finish analysis in October
Next workshop in December

Page 7: Who Participates?

How can we spread invitations wider? Who should we recruit?

Broaden set of organizers
– Program planning committee
– Analyzers

Don’t share results so more tool makers participate?

Page 8: On behalf of the organizers, participants, and program committee