I. Bojanova and C. E. Galhardo, "Bug, Fault, Error, or Weakness: Demystifying Software Security Vulnerabilities," in IT Professional, vol. 25, no. 1, pp. xx-xx, PREPRINT, 1 Jan.-Feb. 2023, doi: 10.1109/MITP.2023.0000000.
|
I. Bojanova, C. E. Galhardo and S. Moshtari, "Data Type Bugs Taxonomy: Integer Overflow, Juggling, and Pointer Arithmetics in Spotlight,"
2022 IEEE 29th Annual Software Technology Conference (STC), 2022, pp. 192-205, doi: 10.1109/STC55697.2022.00035,
CWE-BF di-graphs with links: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=935220
|
I. Bojanova, C. E. Galhardo and S. Moshtari, "Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight,"
2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 2021, pp. 111-120,
doi: 10.1109/ISSREW53611.2021.00052,
CWE-BF di-graph with links: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933193
|
A. Gueye, C. E. Galhardo, I. Bojanova and P. Mell, "A Decade of Reoccurring Software Weaknesses,"
in IEEE Security & Privacy, vol. 19, no. 6, pp. 74-82, Nov.-Dec. 2021, doi:
10.1109/MSEC.2021.3082757,
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932064
|
I. Bojanova and C. Eduardo Galhardo, "Classifying Memory Bugs Using Bugs Framework Approach,"
2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), 2021, pp. 1157-1164, doi:
10.1109/COMPSAC51774.2021.00159,
CWE-BF di-graph with links: https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=930038
|
C. E. Galhardo, P. Mell, I. Bojanova and A. Gueye, “Measurements of the Most Significant Software Security Weaknesses,”
Annual Computer Security Applications Conference (ACSAC), pp. 154–164, Dec. 2020,
doi: 10.1145/3427228.3427257,
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=930459
|
I. Bojanova, Y. Yesha, P. E. Black and Y. Wu, "Information Exposure (IEX): A New Class in the Bugs Framework (BF),"
2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), 2019, pp. 559-564,
doi: 10.1109/COMPSAC.2019.00086,
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927491
|
I. Bojanova, Y. Yesha and P. E. Black, "Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN)
and Pseudo-Random Number Bugs (PRN)," 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC),
2018, pp. 738-745, doi: 10.1109/COMPSAC.2018.00110,
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925123
|
I. Bojanova, P. E. Black and Y. Yesha, "Cryptography classes in bugs framework (BF): Encryption bugs (ENC), verification bugs (VRF),
and key management bugs (KMN),"
2017 IEEE 28th Annual Software Technology Conference (STC), 2017, pp. 1-8,
doi: 10.1109/STC.2017.8234453,
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=923663
|
P. E. Black and I. Bojanova, "Defeating Buffer Overflow: A Trivial but Dangerous Bug," in IT Professional,
vol. 18, no. 6, pp. 58-61, Nov.-Dec. 2016, doi: 10.1109/MITP.2016.1171,
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=921507
|
I. Bojanova, P. E. Black, Y. Yesha and Y. Wu, "The Bugs Framework (BF): A Structured Approach to Express Bugs,"
2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2016,
pp. 175-182, doi: 10.1109/QRS.2016.29,
https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=920564
|
Wu, Y., Bojanova, I., Yesha, Y., "They Know Your Weaknesses - Do You?: Reintroducing Common Weakness Enumeration. Supply Chain Assurance,"
September/October 2015, CrossTalk (The Journal of Defense Software Engineering),
https://web.archive.org/web/20180425211828id_/http://static1.1.sqspcdn.com/static/f/702523/26523304/1441780301827/201509-Wu.pdf?token=WJEmDLgmpr3rIZHriubA20L%2F1%2F4%3D
|