Secure Coding mailing list archives

SC-L Digest, Vol 5, Issue 163


From: sbarnum at cigital.com (Sean Barnum)
Date: Mon, 16 Nov 2009 12:25:13 -0500

James,
There is such an effort currently underway called the Software Assurance Findings Expression Schema (SAFES). It is 
currently sponsored by the NSA Center for Assured Software and aims to unify the reporting not only of static analysis 
findings but of the broader set of software assurance analysis findings, including dynamic analysis, web app 
scanning, data security analysis, etc.
There is a Review Candidate 1 release going out for review today to a limited audience of the 20 or so tool and service 
vendors who acted as sources for this initial effort. The first public release is targeted for sometime in January.
So far, the effort has received overwhelmingly positive reaction and involvement from the community. I briefed on it 
the week before last at the Software Assurance Forum and at the NIST SAMATE Static Analysis Tool Exposition (SATE).

Keep your eyes peeled and ears open. Hopefully, brighter days are ahead for all of us in the software assurance 
community.

Sean

Message: 1
Date: Mon, 16 Nov 2009 09:16:57 -0500
From: "McGovern, James F. (eBusiness)"
        <James.McGovern at thehartford.com>
To: <sc-l at securecoding.org>
Subject: [SC-L] Static Analysis Findings
Message-ID:
        <BFD50E79FBE23A4FB6BE93572A6FE2870200ACAB at AD1HFDEXC312.ad1.prod>
Content-Type: text/plain; charset="us-ascii"

I spent some time over the weekend looking at the Ounce Findings file
(OZASMT) and wonder if the community at large should push Ounce,
Fortify, Klocwork, Coverity, etc to come up with an interoperable
XML-based way of exchanging findings?