DocumentCode :
3288509
Title :
Of Massive Static Analysis Data
Author :
Delaitre, Aurelien ; Okun, Vadim ; Fong, Erin
Author_Institution :
Dept. of Comput. Sci. & Electr. Eng., West Virginia Univ., Morgantown, WV, USA
fYear :
2013
fDate :
18-20 June 2013
Firstpage :
163
Lastpage :
167
Abstract :
The Software Assurance Metrics and Tool Evaluation (SAMATE) project at the National Institute of Standards and Technology (NIST) has organized four Static Analysis Tool Expositions (SATE). SATE is designed to advance research in static analysis tools that find security-relevant defects in source code. Briefly, participating tool makers run their tools on a set of programs. Researchers led by NIST analyze the tool outputs. The results and experiences are reported at a workshop. These expositions have accumulated large amounts of data. This collection allowed for the development and validation of practical metrics in regard to static analysis tool effectiveness and independence. In this paper, we discuss the role of the data in determining which metrics can be derived. Specifically, we detail the three characteristics test data should exhibit and explain why the data we use express each combination of two out of these three properties.
Keywords :
program diagnostics; software metrics; NIST; National Institute of Standards and Technology; SAMATE; massive static analysis data; software assurance metrics and tool evaluation project; static analysis tool expositions; Conferences; Manuals; Measurement; NIST; Production; Security; Software; security weaknesses; software metrics; static analysis tools; tool effectiveness; tool independence;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Security and Reliability-Companion (SERE-C), 2013 IEEE 7th International Conference on
Conference_Location :
Gaithersburg, MD
Print_ISBN :
978-1-4799-2924-5
Type :
conf
DOI :
10.1109/SERE-C.2013.10
Filename :
6616339