Proceedings of Workshop on Software Security Assurance Tools, Techniques, and Metrics, Paul E. Black (chair), Michael Kass (Co-chair), and Elizabeth Fong (editor), NIST Special Publication 500-265, February 2006.

This is the proceedings of a workshop held on November 7 and 8, 2005 in Long Beach, California, USA, hosted by the Software Diagnostics and Conformance Testing Division, Information Technology Laboratory, of the National Institute of Standards and Technology. The workshop, "Software Security Assurance Tools, Techniques, and Metrics," is one of a series in the NIST Software Assurance Measurement and Tool Evaluation (SAMATE) project, which is partially funded by DHS to help identify and enhance software security assurance (SSA) tools. The goal of this workshop is to discuss and refine the taxonomy of flaws and the taxonomy of functions, come to a consensus on which SSA functions should first have specifications and standards tests developed, gather SSA tools suppliers for "target practice" on reference datasets of code, and identify gaps or research needs in SSA functions.

The proceedings include workshop material, descriptions of the target practice, and 11 papers. The workshop URL is

