Review of software security defects taxonomy

Authors:
Zhanwei Hui;Song Huang;Zhengping Ren;Yi Yao
Affiliations:
PLA Software Test and Evaluation Centre for Military Training, PLA University of Science and Technology, Nanjing, Jiangsu Province, PRC;PLA Software Test and Evaluation Centre for Military Training, PLA University of Science and Technology, Nanjing, Jiangsu Province, PRC;PLA Software Test and Evaluation Centre for Military Training, PLA University of Science and Technology, Nanjing, Jiangsu Province, PRC;PLA Software Test and Evaluation Centre for Military Training, PLA University of Science and Technology, Nanjing, Jiangsu Province, PRC
Venue:
RSKT'10 Proceedings of the 5th international conference on Rough set and knowledge technology
Year:
2010

Citing 13
Cited 0

Crisis and aftermath

Communications of the ACM
Orthogonal Defect Classification-A Concept for In-Process Measurements

IEEE Transactions on Software Engineering - Special issue on software measurement principles, techniques, and environments
A taxonomy of computer program security flaws

ACM Computing Surveys (CSUR)
An analysis of security incidents on the Internet 1989-1995

An analysis of security incidents on the Internet 1989-1995
Formal Models for Computer Security

ACM Computing Surveys (CSUR)
Using Programmer-Written Compiler Extensions to Catch Security Holes

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
How to Systematically Classify Computer Security Intrusions

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Processes for Producing Secure Software: Summary of US National Cybersecurity Summit Subgroup Report

IEEE Security and Privacy
Software Security Testing

IEEE Security and Privacy
A software flaw taxonomy: aiming tools at security

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press)

The Art of Software Security Testing: Identifying Software Security Flaws (Symantec Press)
Software Security

IEEE Security and Privacy
Operating system penetration

AFIPS '75 Proceedings of the May 19-22, 1975, national computer conference and exposition

Quantified Score

Hi-index	0.00

Visualization

Abstract

An organized list of actual defects can be useful for software security test (SST). In order to target their technology on a rational basis, it would be useful for security testers to have available a taxonomy of software security defects organizing the problem space. Unfortunately, the only existing suitable taxonomies are mostly for tool-builders and software designers, or based on vulnerabilities and security errors, and do not adequately represent security defects that are found in modern software. In our work, we have reviewed the traditional software security errors or vulnerabilities taxonomies. Based on analyzing in its target, motivation and insufficiency, we have compared 9 kinds of taxonomies, which would be useful for defects based software security testing.