Re: [sarif] First Draft Statement of Relationship to Similar Work

[David Keaton <dmk@dmk.com>]

     In case anybody else had trouble understanding, I'll save you some 
time.  SCA means Static Code Analysis.  I had never heard it referred to 
with that acronym, even though I used to work at CERT, so I had to look 
it up.

On 2019-09-06 16:36, Nick Mansourov wrote:
> A minor edit : remove the word âinputâ in the following:
>
> > "TOIF's strategy involves creating adapters from various tools to the 
> > reporting format, and as such, it is focused on integrating the 
> > diverse inputÂformats into the lowest common denominator 
> > representation without having to modify the original tools. 
>
> (in is actually âoutputâ rather than input)
>
> What do you think ?

     The tool's output is TOIF's input, which is what I was thinking. 
I agree that it works better to delete the word input, though, since 
it's really both output and input.

> > TOIF normalizes the output of static analysis tools so that it can be 
> > used as evidence for digital certification of software.
> TOIF normalizes and integrates the output of static analysis tools and 
> other artifacts as evidence for software assurance.

     Yes, I like this new version of the sentence better.  Thanks.

					David