Static Analysis Tool Exposition (SATE) 2008,
Vadim Okun, Romain Gaucher, and Paul E. Black, editors,
U.S. National Institute of Standards and Technology (NIST) Special
Publication (SP) 500-279, June, 2009.
The NIST SAMATE project conducted the first Static Analysis Tool
Exposition (SATE) in 2008 to advance research in static analysis
tools that find security defects in source code. The main goals of
SATE were to enable empirical research based on large test sets and
to encourage improvement and speed adoption of tools. The exposition
was planned to be an annual event.
Briefly, participating tool makers ran their tool on a set of
programs. Researchers led by NIST performed a partial analysis of
tool reports. The results and experiences were reported at the
Static Analysis Workshop in Tucson, AZ, in June, 2008. The tool
reports and analysis were made publicly available in early 2009.
This special publication consists of the following
papers. "Review of the First Static Analysis Tool Exposition
(SATE 2008)" by Vadim Okun, Romain Gaucher, and Paul E. Black,
describes the SATE procedure, provides observations based on the
data collected, and critiques the exposition, including the lessons
learned that may help future expositions. Paul Anderson's
"Commentary on CodeSonar's SATE Results" has comments
by one of the participating tool makers. Steve Christey presents his
experiences in analysis of tool reports and discusses the SATE
issues in "SATE Lessons Learned and Future Directions".
Get the paper in
This page's URL is /~black/Papers/SATE2008.html
Tue Sep 29 14:43:59 2009
by Paul E. Black
Black's papers or
NIST home page.