An organized list of actual defects can be useful for software security testing (SST). To target their technology on a rational basis, security testers would benefit from a taxonomy of software security defects that organizes the problem space. Unfortunately, the only existing suitable taxonomies are mostly aimed at tool-builders and software designers, or are based on vulnerabilities and security errors, and do not adequately represent the security defects found in modern software. In our work, we have reviewed the traditional taxonomies of software security errors or vulnerabilities. Based on an analysis of their targets, motivations and insufficiencies, we have compared 9 kinds of taxonomies, which would be useful for defect-based software security testing.