U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

The Bugs Framework (BF): A Structured Approach to Express Bugs

Published

Author(s)

Irena Bojanova, Paul E. Black, Yaacov Yesha, Yan Wu

Abstract

To achieve higher levels of assurance for digital systems, we need to answer questions such as, does this software have bugs of these critical classes? Do these two tools generally find the same set of bugs, or different, complimentary sets? Can we guarantee that a new technique discovers all problems of this type? To answer such questions, we need a vastly improved way to describe classes of vulnerabilities and chains of failures. This paper presents a descriptive framework that will lift the current realm of best efforts and useful heuristics. Our framework includes rigorous definitions and (static) characteristics of bug classes, along with their related dynamic properties, such as proximate, secondary, and tertiary causes and consequences (CCC), and sites. The paper discusses the buffer overflow class, the injection class, and the interaction frequency control class, and provides examples of applying our taxonomy to describe particular vulnerabilities.
Proceedings Title
IEEE International Conference on Software Quality, Reliability & Security (QRS 2016)
Conference Dates
August 1-3, 2016
Conference Location
Viena, AT
Conference Title
2016 IEEE International Conference on Software Quality, Reliability and Security
Pub Type
Conferences

Download Paper

https://doi.org/10.1109/QRS.2016.29
Local Download

Keywords

software weaknesses, bug taxonomy, software vulnerabilities, attacks
Cybersecurity

Citation

Bojanova, I. , Black, P. , Yesha, Y. and Wu, Y. (2016), The Bugs Framework (BF): A Structured Approach to Express Bugs, IEEE International Conference on Software Quality, Reliability & Security (QRS 2016), Viena, AT, [online], https://doi.org/10.1109/QRS.2016.29, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=920564 (Accessed April 26, 2024)

Created October 13, 2016, Updated November 17, 2021