establish a methodology for evaluating software assurance tools
Source Code Security Analyzers – This class of software tools examines source code files for security weaknesses and potential vulnerabilities
Web Application Vulnerability Scanners – These tools crawl a web application’s pages and search the application for vulnerabilities by simulating attacks on it
A new effort on Binary Code Scanners – Similar to source code security analyzers, this class of tool analyzes a compiled binary application, including libraries, and provides a report of code weaknesses over the entire application.
The SAMATE Reference Dataset (SRD) - A community repository of example code and other artifacts to help end users evaluate tools and developers test their methods
Third annual Static Analysis Tools Exposition, which is in progress. The goals are to
enable empirical research based on large test sets,
encourage improvement of tools, and
speed tool adoption by objectively demonstrating their use on real software.