NIST is preparing the fifth Static Analysis Tool Exposition (SATE V). Briefly, participating tool makers run their static analyzer on a set of programs. Researchers led by NIST analyze the tool reports and present the results and experiences at a workshop. A detailed plan is available at: http://samate.nist.gov/SATE.html We plan to provide test cases by June 3rd. Tool makers will have until August 1st (if at all possible; September 1st at the latest) to run their tool and return their tool outputs. The main changes since SATE IV: 1. Virtual machines (VM) with the test cases will be hosted by the Software Assurance Marketplace (SWAMP). We will ask tool makers to install temporarily (for the duration of SATE V only) and run their tools in the assigned VMs. SWAMP is described at: http://www.cosalab.org 2. We will ask teams to provide a Coverage Claims Representation (CCR) of the weaknesses their tool can find. CCR is described at: http://cwe.mitre.org/compatible/ccr.html 3. So as to encourage wider participation, NIST will not make tool outputs publicly available, unless otherwise specified by the teams. In case a team wants to release its own data, we can host them on the SATE website. 4. We will recognize and encourage sound static analyzers (tools that in theory never report incorrect findings). We will publish our sound analysis criteria shortly. We invite tool makers to sign up. If you would like to participate in the exposition, or if you have questions or suggestions, please email Aurelien Delaitre (aure 'at' nist.gov).
