The purpose of the workshop is to convene researchers, developers, and government and industrial users of software security assurance (SSA) tools to refine the taxonomy of flaws and the taxonomy of SSA tool functions, converge on which SSA functions should first have specifications and tests developed, gather SSA tool developers for "target practice" on the reference datasets, and identify gaps or requirements for research in SSA functions. There are contributions describing basic research, novel applications, and experience relevant to SSA tools and their evaluation. The reference datasets are code with known flaws and vulnerabilities, with corresponding correct versions, to be used as references for tool testing, to make research easier, and to be a standard of evaluation. Tools ranging from commercial products to university projects "shoot holes" in the datasets to suggest extensions, improvements, etc. This is a U.S. National Institute of Standards and Technology SAMATE (http://samate.nist.gov/) workshop.