Planning for SATE 2011: Thorns, Roses, and Buds
Paul E. Black
National Institute of Standards and Technology
http://www.nist.gov/
paul.black@nist.gov

Thorns, Roses, and Buds
What should we
• … not do again?
• … continue doing?
• … start doing?

Should there be a SATE 2011?
SATE every two years?

What Should the Goals Be?
• SATE 2010 goals are
• Enable empirical research based on large test sets,
• Encourage improvement of tools,
• Speed adoption of tools by objectively demonstrating their use on real software.

What is the Procedure?
• What tracks?
• Add more languages: PHP, C#?
• Embedded code?
• Parallel static and black box/dynamic/web app scanner tracks on same test set?
• Manual analysis/service?
• Running tools
• Run on many versions
• Install and run on a cloud? VM?
• Supply context
• Methods of Analysis?
• Choose sample of bugs across CWEs, e.g., CVEs are representative of all CWEs

Who Participates?
• Spread invitations wider
• Who should we recruit?
• Broaden set of organizers
• Program planning committee
• Analyzers
• Sponsors

Experience Workshop
• What is a good venue?
• Time
• Organizing meeting Oct 2011
• Run SATE proper February - June 2012
• Workshop Aug/Sep/Oct 2012
• Place/conference
• Two day workshop?
• Content of experience reports
• More formal?
• Template?