The main expected and measurable results are the following:
1) A series of enhancements and breakthroughs for the theoretical security analysis techniques used in the field of software security. At the academic level this will be measured as a series of publications in the fields of Static Analysis, Software Engineering and Debugging, Software Security, and Formal Methods.
2) The production of the software analysis STANCE toolbox for C99 ISO C, C++03 ISO C++ and Java SE 7 code, of industrial quality. The toolbox will include the Frama-C, VeriFast, and Flinder tools, enhanced with:
The source code analysis tools will be accompanied by manuals and methodological guidelines tailored for security engineers and software developers. A majority of the software developments will be made available under permissive licenses, compatible with existing tools, and extensible to further evolutions. The STANCE toolbox will demonstrate competitive performance on test cases defined a priori and will be quality-controlled during its development to achieve a high-quality product ready for industrial use.
3) Three industrial use cases used to refine the platform requirements and validate the STANCE source code analysis tools. Results will be measured against the cost and effectiveness of manual code review on similar code bases. A comparison with industrial in-house ad-hoc techniques will also be performed if possible.
4) An evaluation of the relevance of the STANCE toolbox for preparing and helping the security certification of an application or software system. This assessment will include a proposal for integration within existing and future normative standards.
5) An assessment of the project’s social, legal, and economic impact. It will be evaluated by the size of the audience at the project’s dissemination events (attendance at real events and internet traffic to web dissemination tools); we will also monitor the impact of the project’s results in specialized and mainstream media.