[Federal Register Volume 70, Number 152 (Tuesday, August 9, 2005)]
[Notices]
[Page 46147]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-15724]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Institute of Standards and Technology


Notice of Workshop To Participate in the Development of Software 
Assurance Metrics

AGENCY: National Institute of Standards and Technology, Commerce.

ACTION: Notice of workshop.

-----------------------------------------------------------------------

SUMMARY: The National Institute of Standards and Technology (NIST) 
announces the first in a series of planned workshops being held in 
support of NIST's Software Assurance Metrics and Tool Evaluation 
(SAMATE) project. NIST is working with industry, academia, and users:
     To identify deficiencies in software assurance (SA) 
methods and tools
     To develop metrics for the effectiveness of SA tools.
    NIST invites parties interested in these issues to contribute to 
the specification of such metrics and to the development of reference 
data sets capable of testing the effectiveness of SA tools. These 
reference data sets, when used during an SA tool's development, can aid 
in building a correct implementation with regard to these metrics.
    The first workshop ``Defining the State of the Art in Software 
Security Tools'' is being held at NIST Gaithersburg August 10 and 11. 
Future Workshops will be announced on the Project's Web site http://samate.nist.gov/ and on other SA forums.

DATES: The first workshop is being held at NIST Gaithersburg August 10, 
9 a.m. to 5 p.m. and August 11, 2005, 9 a.m. to 1 p.m.

FOR FURTHER INFORMATION CONTACT: For further information, you may visit 
the Software Assurance Metrics Project Website at http://samate.nist.gov/. In addition, you may telephone Dr. Paul E. Black at 
(301) 975-4794, or by e-mail at: [email protected].

SUPPLEMENTARY INFORMATION: In support of its Software Assurance Metrics 
and Tool Evaluation (SAMATE) project, NIST is working with industry, 
academia, and users:
     To identify deficiencies in software assurance (SA) 
methods and tools
     To develop metrics for the effectiveness of SA tools.
    The SA Metrics Project surveys current SA tools and develops a 
classification scheme, grouping SA tools with similar functionality or 
capability. A set of metrics and tests are developed for each tool 
class. Source/object code vulnerability scanners are an example of one 
possible class. A series of Workshops will be used to:
     Validate the tool classes.
     Establish priorities for the order in which SA tool 
classes are tested.
     Help determine the required and optional functionality for 
each class of SA tools.
    After a tool class is selected, requirements, metrics, and tests 
for these functionalities are developed. Classification and testing 
activities can proceed simultaneously. As a result, a draft 
specification and test methodology for the highest priority tool class 
is developed. Further information on the project, including the Project 
Plan, may be found at the Project's Web site http://samate.nist.gov/ 
and on other SA forums.

    Dated: August 3, 2005.
Matthew Heyman,
Chief of Staff.
[FR Doc. 05-15724 Filed 8-8-05; 8:45 am]
BILLING CODE 3510-13-P