Title :
A taxonomy of software security defects for SST
Author :
Hui, ZhanWei ; Huang, Song ; Hu, Bin ; Ren, Zhengping
Author_Institution :
PLA Software Test & Evaluation Centre for Mil. Training, PLA Univ. of Sci. & Technol., Nanjing, China
Abstract :
Software security test (SST) is a useful way to validate the security attribute of a software system. Defect-based testing technologies are more effective than traditional specification testing technologies, and more and more researchers are paying attention to these testing methods. Before testing, an organized list of actual defects is especially essential. But at present the existing suitable taxonomies are mostly for software designers or tool-builders, and do not adequately represent security defects that are found in modern software. In our work, we have coalesced previous efforts to categorize security errors as well as problem reports in order to create a security defect taxonomy. We correlate this taxonomy with available information about the current Top 10 dangerous software errors, which come from CWE, SANS and other authoritative vulnerability enumerations. We suggest that this taxonomy is suitable for software security testers, and we outline possible areas of future research.
Keywords :
program testing; security of data; CWE; SANS; defects based testing technologies; software dangerous errors; software designers; software security defects taxonomy; software security test; software system security attribute; tool-builders; Computers; Encoding; Security; Software; Storage area networks; Testing; flaw; security defect taxonomy; software software security test; vulnerability;
Conference_Title :
Intelligent Computing and Integrated Systems (ICISS), 2010 International Conference on
Conference_Location :
Guilin
Print_ISBN :
978-1-4244-6834-8
DOI :
10.1109/ICISS.2010.5656736