Secure Coding mailing list archives
IBM Acquires Ounce Labs, Inc.
From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 5 Aug 2009 14:24:05 -0400 (EDT)
On Tue, 4 Aug 2009, Chris Wysopal wrote:
> As a group of security practitioners it is amazing to me that we don't have more quantifiable testing and tools/services are just dismissed with anecdotal data. I am glad NIST SATE '09 will soon be underway and, at least for static analysis tools, we will have unbiased independent testing. I am hoping for a big improvement over last year. I especially like the category they are using for some flaws found as "valid but insignificant". Clearly they are improving based on feedback from SATE '08.

By the way, I don't recall anybody mentioning this to SC-L before, but the SATE 2008 writeup and raw data are available:

http://samate.nist.gov/index.php/SATE.html

In the NIST pub we cover a lot of lessons learned, especially in my paper. From the raw data you can see the complexities in doing this kind of large-scale comparison. In my opinion, our biggest limitation was not using live tools.

- Steve