|Author(s):||Paul E. Black; Hsiao-Ming M. Koo; Thomas F. Irish|
|Title:||A Basic CWE-121 Buffer Overflow Effectiveness Test Suite|
|Published:||April 01, 2013|
|Abstract:||Phase 3 of MITRE's Common Weakness Enumeration (CWE) Compatibility and Effectiveness program allows a customer to understand how effective a software assurance tool is at finding weaknesses and what code complexities it handles. Phase 3 is based on suites of test programs, but gives no criteria about how many programs are needed, their nature, how effectiveness is defined, or other details. We recommend principles in selecting a test suite for CWE effectiveness, and present a basic effectiveness test suite in C for CWE-121 Stack-based Buffer Overflow. For transparency we also document our steps in developing it. Finally, we suggest future work including code complexities.|
|Conference:||6th Latin-American Symposium on Dependable Computing|
|Proceedings:||Proc. 6th Latin-American Symposium on Dependable Computing|
|Location:||Rio de Janeiro|
|Dates:||April 1-5, 2013|
|Keywords:||software assurance, common weakness enumeration (CWE), static source code analysis|
|Research Areas:||Software Testing Metrics|
|PDF version:||Click here to retrieve PDF version of paper (603KB)|