Approach

To achieve higher levels of security, reliability and availability of digital systems, we need to answer questions such as:

To be able to answer these questions, we need a vastly improved way to describe classes of vulnerabilities and chains of failures.

For that we are developing the Bugs Framework (BF) by factoring and restructuring the information contained in the Common Weakness Enumeration (CWE), Software Fault Patterns (SFP), Semantic Templates (ST) and numerous other sources on software vulnerabilities and attacks (see the Enlightenment link). The goal is to categorize the types of weaknesses unambiguously, so that their similarities and differences can be easily explored and examined.

The BF organizes software weaknesses (bugs) into distinct classes, such as Buffer Overflow (BOF), Injection (INJ), and Control of Interaction Frequency (CIF). It is a hierarchy of abstract and concrete classes of bugs with: