Application Security/Software Assurance


Education Level: Intermediate

5216 - Decision-making Factors in Software Testing Tool Selection

Tuesday, September 26
1:45 PM - 2:45 PM

Vulnerabilities in software can provide a gateway for adversaries to stage unauthorized system activities. To assist software developers with reducing and mitigating such vulnerabilities, numerous software testing tools are now available. Classes of tools include offerings for static code analysis, dynamic code analysis, origin analysis, supply chain management, fuzzing and correlation. With a growing number of tools in all classes available for detecting vulnerabilities in software, how do software developers decide which tools to invest time, money and personnel into using? There is no single tool or combination of testing tools that suits all software projects; each project has its own unique attributes that lend themselves to a given tool set.

This talk will present an overview of the types of testing tools available and provide advice and guidance for software developers on how to select an effective combination of tools for a given project. This will include a discussion of relevant tool decision-making factors, such as whether the code is written in-house or outsourced; programming language and platform used; whether it includes third-party libraries or open-source components; what type of environment the code will be deployed to; budget and resources available; compliance and regulatory concerns; and other technical constraints.

In short, the talk will offer insight on how to decide where to spend limited resources for software testing tools.

Learning Objectives:

Thomas P. Scanlon

Cyber Security Researcher
Software Engineering Institute - Carnegie Mellon University

Thomas Scanlon holds a doctoral degree in Information Systems and currently is a researcher in the CERT Division of the Software Engineering Institute at Carnegie Mellon University. He has 10-plus years of industry experience with Fortune 500 companies. Thomas currently specializes in applied research topics related to secure software engineering, such as authentication and authorization, PKI, automated testing tools, secure coding practices, and software vulnerability discovery and management. During the past 18 months, he has worked directly with the Joint Federated Assurance Center (JFAC) within the Department of Defense on prototyping and selection of software testing tools and on developing guidelines for others on selecting appropriate software testing tools.

