Software Fault Patterns (SFP)

The Software Fault Patterns (SFP) [1] are a clustering of CWEs into related weakness categories. Each cluster is factored into formally defined attributes, such as sites ("footholds"), conditions, properties, sources, and sinks. This factoring addresses the problem that a single CWE entry combines several attributes: the SFP attributes are defined uniformly, whereas the coverage of CWEs is irregular.

SFP categorizes 632 CWEs; adding the 8 deprecated CWEs, the CWEs defined as weaknesses total 640. In addition, there are 21 primary clusters, 62 secondary clusters, 310 discernible CWEs, and 36 unique SFPs. [3]

Clusters and SFPs

Each primary cluster is listed with its secondary clusters; a blank SFP column means no SFP is defined for that secondary cluster.

Primary Cluster            Secondary Cluster                         SFP
-------------------------  ----------------------------------------  -----
1. Risky Values            1. Glitch in Computation                  SFP1
2. Unused Entities         1. Unused Entities                        SFP2
3. API                     1. Use of an Improper API                 SFP3
4. Exception Management    1. Unchecked Status Condition             SFP4
                           2. Ambiguous Exception Type               SFP5
                           3. Incorrect Exception Behavior           SFP6
5. Memory Access           1. Faulty Pointer Use                     SFP7
                           2. Faulty Buffer Access                   SFP8
                           3. Faulty String Expansion                SFP9
                           4. Incorrect Buffer Length Computation    SFP10
                           5. Improper NULL Termination              SFP11
6. Memory Management       1. Faulty Memory Release                  SFP12
7. Resource Management     1. Unrestricted Consumption               SFP13
                           2. Failure to Release Resource            SFP14
                           3. Faulty Resource Use                    SFP15
                           4. Life Cycle
8. Path Resolution         1. Path Traversal                         SFP16
                           2. Failed Chroot Jail                     SFP17
                           3. Link in Resource Name Resolution       SFP18
9. Synchronization         1. Missing Lock                           SFP19
                           2. Race Condition Window                  SFP20
                           3. Multiple Locks/Unlocks                 SFP21
                           4. Unrestricted Lock                      SFP22
10. Information Leak       1. Exposed Data                           SFP23
                           2. State Disclosure
                           3. Exposure Through Temporary Files
                           4. Other Exposures
                           5. Insecure Session Management
11. Tainted Input          1. Tainted Input to Command               SFP24
                           2. Tainted Input to Variable              SFP25
                           3. Composite Tainted Input                SFP26
                           4. Faulty Input Transformation
                           5. Incorrect Input Handling
                           6. Tainted Input to Environment           SFP27
12. Entry Points           1. Unexpected Access Points               SFP28
13. Authentication         1. Authentication Bypass
                           2. Faulty Endpoint Authentication         SFP29
                           3. Missing Endpoint Authentication        SFP30
                           4. Digital Certificate
                           5. Missing Authentication                 SFP31
                           6. Insecure Authentication Policy
                           7. Multiple Binds to the Same Port        SFP32
                           8. Hardcoded Sensitive Data               SFP33
                           9. Unrestricted Authentication            SFP34
14. Access Control         1. Insecure Resource Access               SFP35
                           2. Insecure Resource Permissions
                           3. Access Management
15. Privilege              1. Privilege                              SFP36
16. Channel                1. Channel Attack
                           2. Protocol Error
17. Cryptography           1. Broken Cryptography
                           2. Weak Cryptography
18. Malware                1. Malicious Code
                           2. Covert Channel
19. Predictability         1. Predictability
20. UI                     1. Feature
                           2. Information Loss
                           3. Security
21. Other                  1. Architecture
                           2. Design
                           3. Implementation
                           4. Compiler


Example

SFP 8 Faulty Buffer Access
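As an added illustration for SFP 8 (this code is not from the page or from the SFP report), the following C shows a faulty buffer access beside its corrected form, labelled with the SFP attribute names used above: the source (an index or length that arrives from outside the function), the sink (the subscript or copy that touches the buffer), and the condition (the bounds check that is missing in the faulty variant). The function names, the table contents and the sample strings are constructed for this example.

```c
/* Added example for SFP 8 "Faulty Buffer Access" (not from the SAMATE page
 * or the SFP report). Attributes, as the page defines them:
 *   source    - an index or length that comes from outside the function
 *   sink      - the array subscript / copy that dereferences the buffer
 *   condition - the bounds check that is absent in the faulty variant
 * Function names and sample data are constructed for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TABLE_LEN 4
static const int table[TABLE_LEN] = {10, 20, 30, 40};

/* Faulty variant: the index flows straight from source to sink with no
 * condition guarding it, so idx == 4 or idx == -1 reads outside `table`.
 * Kept only for contrast; nothing here calls it with an out-of-range index. */
int get_unchecked(int idx)
{
    return table[idx];            /* sink: unguarded subscript */
}

/* Hardened variant: the condition (0 <= idx < TABLE_LEN) sits between the
 * source and the sink. An out-of-range request is reported, not serviced. */
int get_checked(int idx, int *out)
{
    if (idx < 0 || idx >= TABLE_LEN)
        return -1;                /* refuse rather than read past the end */
    *out = table[idx];
    return 0;
}

/* Same pattern for a write sink: copy src into dst only if it fits together
 * with its terminator. On failure dst is left empty, so a caller that ignores
 * the return value still never sees an unterminated buffer. */
int copy_checked(char *dst, size_t dst_len, const char *src)
{
    size_t n = strlen(src);
    if (dst_len == 0)
        return -1;
    if (n + 1 > dst_len) {        /* condition: source length vs. sink capacity */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    int v = 0;
    char buf[8];
    int rc;

    rc = get_checked(2, &v);
    printf("get_checked(2) -> %d (value %d)\n", rc, v);
    rc = get_checked(4, &v);
    printf("get_checked(4) -> %d (rejected)\n", rc);
    rc = copy_checked(buf, sizeof buf, "abc");
    printf("copy_checked(\"abc\") -> %d \"%s\"\n", rc, buf);
    rc = copy_checked(buf, sizeof buf, "this is too long");
    printf("copy_checked(long) -> %d \"%s\"\n", rc, buf);
    return 0;
}
```

The two checked functions return a status rather than silently truncating or clamping, which is the behaviour a static analyser keyed to this pattern would expect to find between the source and the sink.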

Notes

References

    [3] B. A. Calloni, D. Campara, and N. Mansourov. White Box Definitions of Software Fault Patterns. Final Report. Lockheed Martin Corporation and KDM Analytics, Inc. 2011.