Article

Software security assurance tools, techniques and metrics (SSATTM)

Authors:
Paul E. Black

U.S. National Institute of Standards and Technology (NIST)

U.S. National Institute of Standards and Technology (NIST)
View Profile

,
Michael Kass

U.S. National Institute of Standards and Technology (NIST)

U.S. National Institute of Standards and Technology (NIST)
View Profile

ASE '05: Proceedings of the 20th IEEE/ACM International Conference on Automated Software EngineeringNovember 2005Pages 461https://doi.org/10.1145/1101908.1102001

Published:07 November 2005Publication History

ASE '05: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering

Pages 461

ABSTRACT

The purpose of the workshop is to convene researchers, developers, and government and industrial users of software security assurance (SSA) tools to refine the taxonomy of flaws and the taxonomy of SSA tool functions, converge on which SSA functions should first have specifications and tests developed, gather SSA tool developers for "target practice" on the reference datasets, and identify gaps or requirements for research in SSA functions. There are contributions describing basic research, novel applications, and experience relevant to SSA tools and their evaluation. The reference datasets are code with known flaws and vulnerabilities, with corresponding correct versions, to be used as references for tool testing, to make research easier, and to be a standard of evaluation. Tools ranging from commercial products to university projects "shoot holes" in the datasets to suggest extensions, improvements, etc. This is a U.S. National Institute of Standards and Technology SAMATE (http://samate.nist.gov/) workshop.

Recommendations

Quantitative security assurance metrics: REST API case studies
ECSA '18: Proceedings of the 12th European Conference on Software Architecture: Companion Proceedings

Security assurance is the confidence that a system meets its security requirements based on specific evidences that an assurance technique provide. The notion of measuring security is complex and tricky. Existing approaches either (1) consider one ...
Read More
Integrating security activities into the software development life cycle and the software quality assurance process

Security concerns should be an integral part of the entire planning, development, and operation of a computer application. Inadequacies in the design and operation of computer applications are very frequent source of security vulnerabilities associated ...
Read More
Towards agile security assurance
NSPW '04: Proceedings of the 2004 workshop on New security paradigms

Agile development methodologies are gaining acceptance in the software industry. If they are to be used for constructing security-critical solutions, what do we do about assurance? This paper examines how conventional security assurance suits agile ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ASE '05: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering
November 2005
482 pages
ISBN:1581139934
DOI:10.1145/1101908
General Chair:
David Redmiles
University of California, Irvine, CA
,
Program Chairs:
Tom Ellman
Vassar College
,
Andrea Zisman
City University, UK
Copyright © 2005 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 7 November 2005
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate82of337submissions,24%
Upcoming Conference
ASE '24

Sponsor:

sigsoft online

sigsoft online

ASE '24: 39th IEEE/ACM International Conference on Automated Software Engineering

October 27 - November 1, 2024

Sacramento , CA , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 3
  Total Citations
  View Citations
- 446
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Software security assurance tools, techniques and metrics (SSATTM)

ASE '05: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering

ABSTRACT

Cited By

Recommendations

Quantitative security assurance metrics: REST API case studies

Integrating security activities into the software development life cycle and the software quality assurance process

Towards agile security assurance

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Software security assurance tools, techniques and metrics (SSATTM)

ASE '05: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering

ABSTRACT

Cited By

Recommendations

Quantitative security assurance metrics: REST API case studies

Integrating security activities into the software development life cycle and the software quality assurance process

Towards agile security assurance

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media