Tue 6 Nov 2018 15:30 - 15:55 at Franklin - Showcase & Wrapup Chair(s): Tucker Taft

Static analysis tools are now widely used in industry, academia, and open source to find serious defects and security vulnerabilities. Experience has shown that deeper integration with other tools in DevOps or SecOps environments can drastically increase the effectiveness of static analysis. Most integrations are ad hoc pairwise connections, which inhibits flexibility and adoption, so standards are needed to remove those barriers. This talk briefly describes SARIF (Static Analysis Results Interchange Format), an open standard for tool results, and introduces SASP (Static Analysis Server Protocol), an early-stage mechanism that allows tools to actively interact in a plug-and-play fashion. It also presents the plan to modernize several open-source tools under the DHS-funded STAMP program.

Tue 6 Nov

Displayed time zone: Guadalajara, Mexico City, Monterrey

15:30 - 17:00
Showcase & Wrapup, HILT at Franklin
Chair(s): Tucker Taft AdaCore
15:30
25m
Industry talk
Security Showcase -- Modernizing Static Analysis Tools to Facilitate Integrations
HILT
Paul Anderson GrammaTech, Inc
15:55
25m
Industry talk
Security Showcase -- Ensuring Cyber Resilience through Entropy-Augmented Replication
HILT
Mario Troiani Virtual Software Systems
16:20
25m
Industry talk
Security Showcase -- SPARK Formal Verification for Security
HILT
Tucker Taft AdaCore
16:45
15m
Day closing
Workshop Wrapup
HILT
Tucker Taft AdaCore