This is the website for IEEE Std 1471–2000, Recommended
Practice for Architectural Description of Software-intensive
Systems, which is now also ISO/IEC 42010:2007.
establish a methodology for evaluating software assurance tools
Source Code Security Analyzers – This class of software tools examines source code files for security weaknesses and potential vulnerabilities.
Web Application Vulnerability Scanners – These tools crawl a web application’s pages and search the application for vulnerabilities by simulating attacks on it.
A new effort on Binary Code Scanners – Similar to source code security analyzers, this class of tool analyzes a compiled binary application, including libraries, and provides a report of code weakness over the entire application.
The SAMATE Reference Dataset (SRD) – A community repository of example code and other artifacts to help end users evaluate tools and developers test their methods.
Third annual Static Analysis Tools Exposition, which is in progress. The goals are to
enable empirical research based on large test sets,
encourage improvement of tools, and
speed tool adoption by objectively demonstrating their use on real software.