Event description
In this seminar, I will present the state of the art in practical software quality assurance (SQA), with a particular focus on the role of static program analysis. The role of rigorous verification in this landscape is discussed with reference to various standards and practical examples. The seminar reviews key international standards and taxonomies relevant to SQA, including MITRE's CVE and CWE classifications, the OWASP Top 10, NIST's NVD and SAMATE initiatives, and sector-specific regulations. These frameworks establish a common nomenclature, evaluation criteria, and compliance requirements that guide the development and assessment of secure software systems. Within this context, the seminar analyzes the strengths and limitations of static program analyzers, examining their theoretical foundations, coverage properties, and practical challenges such as soundness, scalability, and false-positive rates.