We also have a bibliography of other relevant papers and publications.
"Vulnerability Test Suite Generator (VTSG) Version 3", October 2023, NIST Interagency Report (IR) 8493. Paul E. Black, William Mentzer, Elizabeth Fong, and Bertrand Stivalet, DOI 10.6028/NIST.IR.8493
"SATE VI Report: Bug Injection and Collection," June 2023, NIST Special Publication (SP) 500-341. Aurelien Delaitre, Paul E. Black, Damien Cupif, Guillaume Haben, Alex-Kevin Loembe, Vadim Okun, Yann Prono, DOI 10.6028/NIST.SP.500-341
Static Analysis Tool Exposition (SATE) VI: Mobile Track Report, March 2023, NIST Internal Report (IR) 8462, Michael Ogata. DOI 10.6028/NIST.IR.8462.
I. Bojanova, C. E. Galhardo and S. Moshtari, "Data Type Bugs Taxonomy: Integer Overflow, Juggling, and Pointer Arithmetics in Spotlight," 2022 IEEE 29th Annual Software Technology Conference (STC), 2022, pp. 192-205, doi: 10.1109/STC55697.2022.00035.
I. Bojanova, C. E. Galhardo and S. Moshtari, "Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight," 2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 2021, pp. 111-120 , doi: 10.1109/ISSREW53611.2021.00052.
A. Gueye, C. E. Galhardo, I. Bojanova and P. Mell, "A Decade of Reoccurring Software Weaknesses," in IEEE Security & Privacy, vol. 19, no. 6, pp. 74-82, Nov.-Dec. 2021, doi: 10.1109/MSEC.2021.3082757.
"Guidelines on Minimum Standards for Developer Verification of Software," October 2021, NIST Internal Report (IR) 8397, Paul E. Black, Vadim Okun, and Barbara Guttman, DOI 10.6028/NIST.IR.8397
I. Bojanova and C. Eduardo Galhardo, "Classifying Memory Bugs Using Bugs Framework Approach," 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC, 2021, pp. 1157-1164, doi: 10.1109/COMPSAC51774.2021.00159.
C. E. Galhardo, P. Mell, I. Bojanova and A. Gueye, “Measurements of the Most Significant Software Security Weaknesses,” Annual Computer Security Applications Conference (ACSAC), pp. 154–164, Dec. 2020, doi: 10.1145/3427228.3427257.
Many of these are available from us.