| I. Bojanova and C. E. Galhardo, "Bug, Fault, Error, or Weakness: Demystifying Software Security Vulnerabilities," in IT Professional, vol. 25, no. 1, pp. xx-xx, PREPRINT, 1 Jan.-Feb. 2023, doi: 10.1109/MITP.2023.0000000. |
| I. Bojanova, C. E. Galhardo and S. Moshtari, "Data Type Bugs Taxonomy: Integer Overflow, Juggling, and Pointer Arithmetics in Spotlight," 2022 IEEE 29th Annual Software Technology Conference (STC), 2022, pp. 192-205, doi: 10.1109/STC55697.2022.00035, CWE-BF di-graphs with links: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=935220 |
| I. Bojanova, C. E. Galhardo and S. Moshtari, "Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight," 2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 2021, pp. 111-120 , doi: 10.1109/ISSREW53611.2021.00052, CWE-BF di-graph with links: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933193 |
| A. Gueye, C. E. Galhardo, I. Bojanova and P. Mell, "A Decade of Reoccurring Software Weaknesses," in IEEE Security & Privacy, vol. 19, no. 6, pp. 74-82, Nov.-Dec. 2021, doi: 10.1109/MSEC.2021.3082757, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932064 |
| I. Bojanova and C. Eduardo Galhardo, "Classifying Memory Bugs Using Bugs Framework Approach," 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC, 2021, pp. 1157-1164, doi: 10.1109/COMPSAC51774.2021.00159, CWE-BF di-graph with links: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=930038 |
| C. E. Galhardo, P. Mell, I. Bojanova and A. Gueye, “Measurements of the Most Significant Software Security Weaknesses,” Annual Computer Security Applications Conference (ACSAC), pp. 154–164, Dec. 2020, doi: 10.1145/3427228.3427257, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=930459 |
| I. Bojanova, Y. Yesha, P. E. Black and Y. Wu, "Information Exposure (IEX): A New Class in the Bugs Framework (BF)," 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), 2019, pp. 559-564, doi: 10.1109/COMPSAC.2019.00086, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927491 |
| I. Bojanova, Y. Yesha and P. E. Black, "Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN)," 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), 2018, pp. 738-745, doi: 10.1109/COMPSAC.2018.00110, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925123 |
| I. Bojanova, P. E. Black and Y. Yesha, "Cryptography classes in bugs framework (BF): Encryption bugs (ENC), verification bugs (VRF), and key management bugs (KMN)," 2017 IEEE 28th Annual Software Technology Conference (STC), 2017, pp. 1-8, doi:10.1109/STC.2017.8234453, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=923663 |
| P. E. Black and I. Bojanova, "Defeating Buffer Overflow: A Trivial but Dangerous Bug," in IT Professional, vol. 18, no. 6, pp. 58-61, Nov.-Dec. 2016, doi: 0.1109/MITP.2016.1171, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=921507 |
| I. Bojanova, P. E. Black, Y. Yesha and Y. Wu, "The Bugs Framework (BF): A Structured Approach to Express Bugs," 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2016, pp. 175-182, doi: 10.1109/QRS.2016.29, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=920564 |
| Wu, Y., Bojanova, I., Yesha, Y. , "They Know Your Weaknesses - Do You?: Reintroducing Common Weakness Enumeration. Supply Chain Assurance," September/October 2015, CrossTalk (The Journal of Defense Software Engineering), https://web.archive.org/web/20180425211828id_/http://static1.1.sqspcdn.com/static/f/702523/26523304/1441780301827/201509-Wu.pdf?token=WJEmDLgmpr3rIZHriubA20L%2F1%2F4%3D |