Developing A Reference Dataset To Accurately Evaluate SA Tools
Paul E. Black
Computer Scientist, NIST
paul.black@nist.gov
+1 301-975-4794
OWASP AppSec DC
October 2005
This is a work of the U.S. Government and is not subject to copyright protection in the United States.
The OWASP Foundation
http://www.owasp.org/
Outline
Researchers
Is a new method “better” than existing methods?
Faster? Finds more flaws? Fewer false alarms? Produces more reliable programs? In what instances?
Saves time of assembling test cases
Tool Developers
What flaws should be caught? What problems should be prevented in code?
Suggests direction for new development
End Users
Understand need for better tools and techniques
Save effort and improve thoroughness in evaluation
Confirm utility of methods and tools
Surveys
Draw from researchers, developers, and users
Taxonomies
Use common taxonomy of flaws
Grouped by common taxonomy of tools and methods
Gaps and research agendas
Helps highlight what is needed
Studies to develop metrics
Well-characterized samples for study
Enable tool evaluations
Standard reference material for use in test plans
Paul E. Black
Project Leader
Software Diagnostics & Conformance Testing Division, Software Quality Group, Information Technology Laboratory, NIST
paul.black@nist.gov