A Software Flaw Taxonomy: Aiming Tools at Security. Weber, S., Karger, P. A., & Paradkar, A. In Proceedings of the 2005 Workshop on Software Engineering for Secure Systems—Building Trustworthy Applications, of SESS '05, pages 1--7, New York, NY, USA, 2005. ACM.
Although proposals were made three decades ago to build static analysis tools to either assist software security evaluations or to find security flaws, it is only recently that static analysis and model checking technology has reached the point where such tooling has become feasible. In order to target their technology on a rational basis, it would be useful for tool-builders to have available a taxonomy of software security flaws organizing the problem space. Unfortunately, the only existing suitable taxonomies are sadly out-of-date, and do not adequately represent security flaws that are found in modern software. In our work, we have coalesced previous efforts to categorize security problems as well as incident reports in order to create a security flaw taxonomy. We correlate this taxonomy with available information about current high-priority security threats, and make observations regarding the results. We suggest that this taxonomy is suitable for tool developers and outline possible areas of future research.
@inproceedings{weber_software_2005,
  address = {New York, NY, USA},
  series = {{SESS} '05},
  title = {A {Software} {Flaw} {Taxonomy}: {Aiming} {Tools} at {Security}},
  isbn = {1-59593-114-7},
  shorttitle = {A {Software} {Flaw} {Taxonomy}},
  url = {http://doi.acm.org/10.1145/1082983.1083209},
  doi = {10.1145/1082983.1083209},
  abstract = {Although proposals were made three decades ago to build static analysis tools to either assist software security evaluations or to find security flaws, it is only recently that static analysis and model checking technology has reached the point where such tooling has become feasible. In order to target their technology on a rational basis, it would be useful for tool-builders to have available a taxonomy of software security flaws organizing the problem space. Unfortunately, the only existing suitable taxonomies are sadly out-of-date, and do not adequately represent security flaws that are found in modern software. In our work, we have coalesced previous efforts to categorize security problems as well as incident reports in order to create a security flaw taxonomy. We correlate this taxonomy with available information about current high-priority security threats, and make observations regarding the results. We suggest that this taxonomy is suitable for tool developers and outline possible areas of future research.},
  urldate = {2014-08-29},
  booktitle = {Proceedings of the 2005 {Workshop} on {Software} {Engineering} for {Secure} {Systems}---{Building} {Trustworthy} {Applications}},
  publisher = {ACM},
  author = {Weber, Sam and Karger, Paul A. and Paradkar, Amit},
  year = {2005},
  keywords = {Testing, _based_on_landwehr, _domain_security, _done, _model_of_errors, _model_of_faults, _naming_fault_as_flaw_model, argument validation, asynchronous attacks, buffer overflows, security flaws, security taxonomies, static analysis},
  pages = {1--7}
}
