Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type

Topics

Publication Date

Technical Note

A Structured Approach to Classifying Security Vulnerabilities

  • Abstract

    Understanding vulnerabilities is critical to understanding the threats they represent. Vulnerabilities classification enables collection of frequency data; trend analysis of vulnerabilities; correlation with incidents, exploits, and artifacts; and evaluation of the effectiveness of countermeasures. Existing classification schemes are based on vulnerability reports and not on an engineering analysis of the problem domain. In this report a classification scheme that uses attribute-value pairs to provide a multidimensional view of vulnerabilities is proposed. Attributes and values are selected based on engineering distinctions that allow vulnerabilities to be exploited by a given technique or determine which countermeasures are effective. Successful classification of vulnerabilities should lead to greater automation in analyzing code vulnerabilities and supporting effective communication between geographically remote vulnerability handling teams and vendors.

  • Download

Cite This Report

SEI

Seacord, Robert; & Householder, Allen. A Structured Approach to Classifying Security Vulnerabilities (CMU/SEI-2005-TN-003). Software Engineering Institute, Carnegie Mellon University, 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7377

IEEE

Seacord. Robert, and Householder. Allen, "A Structured Approach to Classifying Security Vulnerabilities," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2005-TN-003, 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7377

APA

Seacord, Robert., & Householder, Allen. (2005). A Structured Approach to Classifying Security Vulnerabilities (CMU/SEI-2005-TN-003). Retrieved December 19, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7377

CHI

Robert Seacord, & Allen Householder. A Structured Approach to Classifying Security Vulnerabilities (CMU/SEI-2005-TN-003). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7377

MLA

Seacord, Robert., & Householder, Allen. 2005. A Structured Approach to Classifying Security Vulnerabilities (Technical Report CMU/SEI-2005-TN-003). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7377