Provided by: The Society of Digital Information and Wireless Communications (SDIWC)
Date Added: Sep 2011
Since the early 70s, software vulnerabilities have been classified and measured for various purposes, including software assurance. Of the many kinds of software vulnerabilities, C vulnerabilities are the ones most commonly discussed, classified and measured. However, gaps remain in those early works, as C vulnerabilities still exist and are still reported by various security advisors. The most common and highly ranked are C overflow vulnerabilities. The authors therefore propose this taxonomy, which classifies all existing overflow vulnerabilities, including four vulnerabilities that have never been classified before. They also provide a guideline for identifying and avoiding these vulnerabilities from a source code perspective.