ABSTRACT
The purpose of the workshop is to convene researchers, developers, and government and industrial users of software security assurance (SSA) tools to refine the taxonomy of flaws and the taxonomy of SSA tool functions, converge on which SSA functions should first have specifications and tests developed, gather SSA tool developers for "target practice" on the reference datasets, and identify gaps or requirements for research in SSA functions. There are contributions describing basic research, novel applications, and experience relevant to SSA tools and their evaluation. The reference datasets are code with known flaws and vulnerabilities, with corresponding correct versions, to be used as references for tool testing, to make research easier, and to be a standard of evaluation. Tools ranging from commercial products to university projects "shoot holes" in the datasets to suggest extensions, improvements, etc. This is a U.S. National Institute of Standards and Technology SAMATE (http://samate.nist.gov/) workshop.
Recommendations
Quantitative security assurance metrics: REST API case studies
ECSA '18: Proceedings of the 12th European Conference on Software Architecture: Companion Proceedings
Security assurance is the confidence that a system meets its security requirements based on specific evidence that an assurance technique provides. The notion of measuring security is complex and tricky. Existing approaches either (1) consider one ...
Integrating security activities into the software development life cycle and the software quality assurance process
Security concerns should be an integral part of the entire planning, development, and operation of a computer application. Inadequacies in the design and operation of computer applications are a very frequent source of security vulnerabilities associated ...
Towards agile security assurance
NSPW '04: Proceedings of the 2004 workshop on New security paradigms
Agile development methodologies are gaining acceptance in the software industry. If they are to be used for constructing security-critical solutions, what do we do about assurance? This paper examines how conventional security assurance suits agile ...