CFP Static Analysis Tool Exposition (SATE) Workshop
Paul E. Black
-----------------------------------------------------------------------------
National Institute of Standards and Technology (NIST)
Software Assurance Metrics and Tool Evaluation (SAMATE) Project
Static Analysis Tool Exposition (SATE 2009) Workshop
6 November 2009
Washington, D.C. metro area
http://samate.nist.gov/
----------------------------------------------------------------------------
Software must be developed to be high quality: quality cannot be
"tested in". However auditors, certifiers, and others must assess the
quality of delivered software. "Black-box" software testing cannot
realistically find maliciously implanted Trojan horses or subtle
errors which have many preconditions. For maximum reliability and
assurance, static analysis must be applied to all levels of software
artifacts, from models to source code to byte code to binaries.
Static analyzers are quite capable and are developing quickly. Yet,
developers, auditors, and examiners could use far more capabilities.
This workshop has two goals. First, gather participants and
organizers of Static Analysis Tool Exposition 2009 to share
experiences, report interesting observations, and discuss lessons
learned. We will reserve workshop time for such presentations from
SATE participants.
The second goal of the workshop is to convene researchers, developers,
and government and industrial users to define obstacles to
urgently-needed software assurance capabilities and identify
approaches to overcome them, either engineering or research. In
addition to SATE presentations we solicit contributions describing
basic research, applications, experience, or proposals relevant to
software assurance tools, techniques, and their evaluation. Questions
and topics of interest include but are not limited to:
* Contribution of static analysis to software security assurance
* Issues in applying static analysis to binaries
* System assurance at the design or requirements level
* Integration of, or tradeoffs between, static and dynamic analysis
* Issues in scaling static analysis to deal with large systems
* Flaw catching vs. sound analysis
* Benchmarks or reference datasets
* Formal descriptions of weaknesses and vulnerabilities
* User experience drawing useful lessons or comparisons
* Synergies of pre- and post-production assurance
* Case studies on real applications
* Temporal and inter-tool information sharing
This workshop follows Static Analysis Tool Exposition (at SAW 2008),
the Static Analysis Summit (2006), and Static Analysis Summit II
(2007).
SUBMISSIONS:
Open submission papers should be from 2 to 8 pages long. Papers over
eight pages will not be reviewed. Papers should clearly identify
their novel contributions.
Submit papers electronically in PDF no later than 2 October 2009 to
Wendy Havens <wendy....@nist.gov>. Your submission constitutes
permission for us to publish it in workshop proceedings.
We will notify submitters of acceptance by 16 October 2009.
Presentations by SATE participants will be handled separately.
PUBLICATION:
Accepted papers will be published in the workshop proceedings as a
NIST Special Publication.
IMPORTANT DATES:
2 October: Paper submission deadline
16 October: Author notification
6 November: Workshop
I am the general chair.
Respectfully,
-paul-
--
Paul E. Black (p.b...@acm.org) 100 Bureau Drive, Stop 8970
paul....@nist.gov Gaithersburg, Maryland 20899-8970
voice: +1 301 975-4794 fax: +1 301 975-6097
http://hissa.nist.gov/~black/ KC7PKT