A Critical Analysis of Vulnerability Taxonomies

Abstract

Computer vulnerabilities seem to be omnipresent. In every system fielded programming errors configuration errors and operation errors have allowed unauthorized users to enter systems or authorized users to take unauthorized actions. Efforts to eliminate the flaws have failed miserably; indeed sometimes attempts to patch a vulnerability have increased the danger. Further designers and implementers rarely learn from the mistakes of others in part because these security holes are so rarely documented in the open literature.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 1996
Accession Number
ADA453251

Entities

People

  • David Bailey
  • Matt Bishop

Organizations

  • University of California, Davis

Tags

Communities of Interest

  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Abstracts
  • Air Force
  • Ambiguity
  • Boundaries
  • Classification
  • Computer Programming
  • Computer Science
  • Computers
  • Directories
  • Electronic Mail
  • Language
  • Operating Systems
  • Security
  • System Software
  • Taxonomy
  • Validation
  • Vulnerability

Readers

  • Computational Linguistics
  • Computational Modeling and Simulation
  • Strategic Security Studies