
Planning for SATE 2011: Thorns, Roses, and Buds

Planning for SATE 2011: Thorns, Roses, and Buds. Paul E. Black, National Institute of Standards and Technology, http://www.nist.gov/, paul.black@nist.gov. Thorns, Roses, and Buds: What should we … not do again? … continue doing? … start doing? Should there be a SATE 2011?


Presentation Transcript


  1. Planning for SATE 2011: Thorns, Roses, and Buds
     Paul E. Black, National Institute of Standards and Technology
     http://www.nist.gov/
     paul.black@nist.gov

  2. Thorns, Roses, and Buds
     What should we
     • … not do again?
     • … continue doing?
     • … start doing?

  3. Should there be a SATE 2011?
     SATE every two years?

  4. What Should the Goals Be?
     • SATE 2010 goals are
       • Enable empirical research based on large test sets,
       • Encourage improvement of tools,
       • Speed adoption of tools by objectively demonstrating their use on real software.

  5. What is the Procedure?
     • What tracks?
       • Add more languages: PHP, C#?
       • Embedded code?
       • Parallel static and black box/dynamic/web app scanner tracks on same test set?
       • Manual analysis/service?
     • Running tools
       • Run on many versions
       • Install and run on a cloud? VM?
       • Supply context
     • Methods of Analysis?
       • Choose sample of bugs across CWEs, e.g., CVEs are representative of all CWEs

  6. Who Participates?
     • Spread invitations wider
     • Who should we recruit?
     • Broaden set of organizers
     • Program planning committee
     • Analyzers
     • Sponsors

  7. Experience Workshop
     • What is a good venue?
     • Time
       • Organizing meeting Oct 2011
       • Run SATE proper February - June 2012
       • Workshop Aug/Sep/Oct 2012
     • Place/conference
     • Two day workshop?
     • Content of experience reports
       • More formal?
       • Template?
