Sound Static Analysis: 5-point seat belts for your code

Paul E. Black - National Institute of Standards and Technology (NIST)

As co-author of the NIST report "Dramatically Reducing Software Vulnerabilities", I learned many lessons and want to share some of them. First, I'll compare static analysis with testing (dynamic analysis). Next I'll briefly explain what formal methods are, why enthusiasm for the approach is growing, and how they can improve your software process. I'll end with the place that strong languages and sound static analysis have in improving cybersecurity.


About Paul E. Black

Dr. Paul E. Black has nearly 20 years of industrial experience in areas such as developing software for IC design and verification, assuring software quality, and managing business data processing. He is now a Computer Scientist for the U.S. National Institute of Standards and Technology (NIST) in the Software Quality Group of the NIST Information Technology Laboratory. Dr. Black earned a Ph.D. at Brigham Young University in 1998. He has taught classes at Brigham Young University and Johns Hopkins University. He is a member of ACM and IEEE Computer Society and a senior member of IEEE.