Black, P.
, Koo, H.
and Irish, T.
(2013),
A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117
(Accessed October 6, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A Basic CWE-121 Buffer Overflow Effectiveness Test Suite
Published
Author(s)
, ,
Abstract
Phase 3 of MITRE's Common Weakness Enumeration (CWE) Compatibility and Effectiveness program allows a customer to understand how effective a software assurance tool is at finding weaknesses and what code complexities it handles. Phase 3 is based on suites of test programs, but gives no criteria about how many programs are needed, their nature, how effectiveness is defined, or other details. We recommend principles in selecting a test suite for CWE effectiveness, and present a basic effectiveness test suite in C for CWE-121 Stack-based Buffer Overflow. For transparency we also document our steps in developing it. Finally, we suggest future work including code complexities.Proceedings Title
Proc. 6th Latin-American Symposium on Dependable Computing
Conference Dates
April 1-5, 2013
Conference Location
Rio de Janeiro
Conference Title
6th Latin-American Symposium on Dependable Computing
Pub Type
Conferences
Download Paper
Keywords
software assurance, common weakness enumeration (CWE), static source code analysis
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created April 1, 2013, Updated February 19, 2017