A Taxonomy of Computer Program Security Flaws, with Examples

Abstract

An organized record of actual flaws can be useful to computer system designers, programmers, analysts, administrators, and users. This paper provides a taxonomy for computer program security flaws together with an appendix that carefully documents 50 actual security flaws. These flaws have all been described previously in the open literature, but in widely separated places. For those new to the field of computer security, they provide a good introduction to the characteristics of security flaws and how they can arise. Because these flaws were not randomly selected from a valid statistical sample of such flaws, we make no strong claims concerning the likely distribution of actual security flaws within the taxonomy. However, this method of organizing security flaw data can help those who have custody of more representative samples to organize them and to focus their efforts to remove and, eventually, to prevent the introduction of security flaws.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 1994
Accession Number
ADA465587

Entities

People

  • Alan R. Bull
  • Carl E. Landwehr
  • John P. Mcdermott
  • William S. Choi

Organizations

  • United States Naval Research Laboratory

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Application Software
  • Computer Access Control
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Electronic Mail
  • Information Systems
  • Object Code
  • Operating Systems
  • Software Development
  • System Software

Fields of Study

  • Computer science

Readers

  • Instructional Design and Training Evaluation.
  • Materials Science (Mechanical Engineering).
  • Strategic Security Studies

Technology Areas

  • Cyber