Planning for SATE V
Paul E. Black
National Institute of Standards and Technology


18 August 2015 Paul E. Black

Thorns, Roses, and Buds
What should we
… not do again?
… continue doing?
… start doing?
Well?

Tool Users: What Do You Want From SATE? How Can It Help?
SATE IV goals are
– Enable empirical research based on large test sets,
– Encourage improvement of tools,
– Speed adoption of tools by objectively demonstrating their use on real software.

What tracks and objects?
Keep PHP?
Add more languages: C#?
Add binaries?
– Precompiled, so tool maker doesn’t have to fiddle with options, compiler, etc.
Focus on concurrency and threading?
– deadlock detection
– race conditions
Malicious code (backdoor) detection?

Procedure or Scope Changes?
Parallel static and black box/dynamic/web app scanner tracks on same test set?
Further: test set is one program and code reviewers, testers, fuzzers, etc. play, too
Go beyond security to general quality & bug finding?
We want to use SAFES format, to receive warning reports, and CCR (Claims Coverage Representation), for declaration of what tools look for.

Possible time line
Recruit users for program planning committee
Organizing meeting in the fall, say October
Begin concentrated work in Jan/Feb 2013
– recruit participants and choose test cases
Release test cases in April 2013
Teams submit results in July
We finish analysis in October
Next workshop in December

Who Participates?
How can we spread invitations wider?
Who should we recruit?
Broaden set of organizers
– Program planning committee
– Analyzers
Don’t share results so more tool makers participate?

On behalf of the organizers, participants, and program committee