Subject: Re: [sarif] First Draft Statement of Relationship to Similar Work


Hello all,

I like this revision. May I suggest the following additions (inline):

> On Sep 6, 2019, at 11:22 AM, David Keaton <dmk@dmk.com> wrote:
> 
>     Here's what we have so far.  This is sufficient to fulfill our requirement for a standards relationship statement, though comments are still welcome.
> 
> "SARIF represents a different strategy for common representation of the results of static analysis.  The Object Management Group's Tool Output Integration Format (TOIF) is an existing standard in this space.  Its strategy involves creating adapters from various tools to the reporting format, and as such, it is focused on integrating the diverse input formats into the lowest common denominator representation without having to modify the original tools.
> 

TOIF solves an important problem for the organizations performing software assurance by providing a uniform and vendor-neutral way of deploying and running multiple tools on the same code base, disseminating and interpreting the combined findings, including the reduction in the costs of training developers in how to use multiple tools and, especially, how to interpret the results from each tool. 
TOIF is integrated with several other OMG standards related to software assurance.


> "By contrast, SARIF aims to support the full capabilities of advanced tools, which generally requires modifying the tools to produce SARIF output natively."

Both SARIF and TOIF encourage third-party developers to build new capabilities for software assurance in a larger ecosystem of tools and services. Both specifications are aligned at their core concepts and a roadmap for interoperability has been defined. 

> 
> 					David
> 
> P.S.  Thanks to Nick Mansourov for the insight about TOIF being designed to produce the lowest common denominator output for compatibility's sake, as shown in this submission of his to the SARIF TC.
> 
> https://www.oasis-open.org/apps/org/workgroup/sarif/download.php/62623/Alignment_SARIF_TOIF.pdf
> 
