The Software Assurance Metrics and Tool Evaluation (SAMATE) is a project developed by the National Institute of Standards and Technology to allow for better methods to be developed and deployed for software assurance.

The project has specific goals to develop a methodology to assess assurance tools for software development, which will be achieved through the use of specified tools with robust plans for tests and data sets for those tests. The idea is that SAMATE will then inform developers of assurance tools so that they can improve on their offerings. In the same breath, it will also allow users of assurance tools to make choices that are better informed.

Some of the results of the project include:

  • Security Analyzers for Source Code – There’s already a draft test plan for these tools and a completed specification document for the plan.
  • Vulnerability Scanners for Web Applications – There’s a full specification in place and a test framework. This should enable better evaluation of tools that are designed to crawl a web application and then determine where any vulnerabilities lie.
  • Binary Code Scanning – Work has begun to develop specifications and test frameworks for tools which identify flaws in the code of binary applications in their compiled states.
  • Exposition of Static Analysis Tools – SAMATE also aims to assess suitable tools for research that work with large data sets during testing, as well as help improve them and increase their adoption by demonstrating their effectiveness when applied to real software applications.
The following two tabs change content below.


Latest posts by Administrator (see all)

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.