A Basic CWE-121 Buffer Overflow Effectiveness Test Suite
Published
Author(s)
Paul E. Black, Hsiao-Ming M. Koo, Thomas F. Irish
Abstract
Phase 3 of MITRE's Common Weakness Enumeration (CWE) Compatibility and Effectiveness program allows a customer to understand how effective a software assurance tool is at finding weaknesses and what code complexities it handles. Phase 3 is based on suites of test programs, but gives no criteria about how many programs are needed, their nature, how effectiveness is defined, or other details. We recommend principles in selecting a test suite for CWE effectiveness, and present a basic effectiveness test suite in C for CWE-121 Stack-based Buffer Overflow. For transparency we also document our steps in developing it. Finally, we suggest future work including code complexities.
Proceedings Title
Proc. 6th Latin-American Symposium on Dependable Computing
Conference Dates
April 1-5, 2013
Conference Location
Rio de Janeiro
Conference Title
6th Latin-American Symposium on Dependable Computing
Black, P., Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed October 6, 2025)