Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Basic CWE-121 Buffer Overflow Effectiveness Test Suite

Published

Author(s)

Paul E. Black, Hsiao-Ming M. Koo, Thomas F. Irish

Abstract

Phase 3 of MITRE's Common Weakness Enumeration (CWE) Compatibility and Effectiveness program allows a customer to understand how effective a software assurance tool is at finding weaknesses and what code complexities it handles. Phase 3 is based on suites of test programs, but gives no criteria about how many programs are needed, their nature, how effectiveness is defined, or other details. We recommend principles in selecting a test suite for CWE effectiveness, and present a basic effectiveness test suite in C for CWE-121 Stack-based Buffer Overflow. For transparency we also document our steps in developing it. Finally, we suggest future work including code complexities.
Proceedings Title
Proc. 6th Latin-American Symposium on Dependable Computing
Conference Dates
April 1-5, 2013
Conference Location
Rio de Janeiro
Conference Title
6th Latin-American Symposium on Dependable Computing

Keywords

software assurance, common weakness enumeration (CWE), static source code analysis

Citation

Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed December 5, 2022)
Created April 1, 2013, Updated February 19, 2017