
A Basic CWE-121 Buffer Overflow Effectiveness Test Suite

Author(s)

Paul E. Black, Hsiao-Ming M. Koo, Thomas F. Irish

Abstract

Phase 3 of MITRE's Common Weakness Enumeration (CWE) Compatibility and Effectiveness program allows a customer to understand how effective a software assurance tool is at finding weaknesses and which code complexities it handles. Phase 3 is based on suites of test programs, but it gives no criteria for how many programs are needed, what their nature should be, how effectiveness is defined, or other details. We recommend principles for selecting a test suite for CWE effectiveness, and present a basic effectiveness test suite in C for CWE-121 Stack-based Buffer Overflow. For transparency, we also document the steps we took in developing it. Finally, we suggest future work, including coverage of code complexities.

Proceedings Title

Proc. 6th Latin-American Symposium on Dependable Computing

Conference Dates

April 1-5, 2013

Conference Location

Rio de Janeiro

Conference Title

6th Latin-American Symposium on Dependable Computing

Keywords

software assurance, common weakness enumeration (CWE), static source code analysis

Citation

Black, P., Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed October 6, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created April 1, 2013, Updated February 19, 2017