Memory Bugs Classes in the NIST Bugs Framework (BF)


The NIST Bugs Framework (BF) is an orthogonal classification of software bugs. A precise BF description of a software vulnerability reveals the key steps for remediating it. BF currently covers Injection (INJ), Control of Interaction Frequency (CIF), Cryptography Bugs (ENC, VRF, KMN), Randomness Bugs (PRN, TRN), and Memory Bugs (MAD, MAL, MUS, MDL). In this presentation, we discuss our newly developed Memory Bugs cluster, which consists of the following BF classes: Memory Address Bugs (MAD), Memory Allocation Bugs (MAL), Memory Use Bugs (MUS), and Memory Deallocation Bugs (MDL). We present the BF Memory Bugs model, the causes-attributes-consequences graphs, and illustrative BF descriptions of specific CVEs.
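To make the four memory classes concrete, the following is an added example in C (not code from the abstract, the talk, or the BF project): one constructed bug per class, each buggy routine followed by a hardened counterpart, with small demo functions that exercise only the hardened versions. The bug chosen for each class, the function names, and the mapping of each snippet onto BF's precise class definitions are this example's assumptions; the inputs are constructed.

```c
/* Added illustrative example, not part of the BF abstract: one constructed bug
 * per BF memory class (MAD, MAL, MUS, MDL), shown as the buggy routine followed
 * by a hardened routine. Which snippet maps onto which BF class is this
 * example's assumption, not a statement of the framework's definitions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* MAD (memory address): an index is turned into an address with no bounds check. */
int mad_buggy(const int *buf, size_t idx) {
    return buf[idx];                      /* idx may point outside buf */
}
int mad_fixed(const int *buf, size_t len, size_t idx, int *out) {
    if (idx >= len) return -1;            /* reject addresses past the object */
    *out = buf[idx];
    return 0;
}

/* MAL (memory allocation): the size is computed with a multiplication that can wrap. */
void *mal_buggy(size_t count, size_t elem) {
    return malloc(count * elem);          /* wraps to a tiny allocation on overflow */
}
void *mal_fixed(size_t count, size_t elem) {
    if (elem != 0 && count > SIZE_MAX / elem) return NULL; /* refuse on overflow */
    return malloc(count * elem);
}

/* MUS (memory use): a write runs past the end of the destination buffer. */
void mus_buggy(char *dst, const char *src) {
    strcpy(dst, src);                     /* no check that src fits in dst */
}
int mus_fixed(char *dst, size_t dstlen, const char *src) {
    size_t n = strlen(src);
    if (dstlen == 0 || n >= dstlen) return -1;  /* would not fit with the NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

/* MDL (memory deallocation): the same block is released twice. */
void mdl_buggy(void *p) {
    free(p);
    free(p);                              /* double free */
}
int mdl_fixed(void **pp) {
    if (*pp == NULL) return 0;            /* already released: nothing to do */
    free(*pp);
    *pp = NULL;                           /* a second call is now a harmless no-op */
    return 1;
}

/* Demos exercise only the hardened routines on constructed inputs;
 * each returns 1 when the check behaves as intended. */
int demo_mad(void) {
    int buf[4] = {10, 20, 30, 40};
    int v = 0;
    if (mad_fixed(buf, 4, 2, &v) != 0 || v != 30) return 0;
    return mad_fixed(buf, 4, 4, &v) == -1;     /* one past the end is rejected */
}
int demo_mal(void) {
    void *p = mal_fixed(SIZE_MAX / 2 + 1, 2);  /* count * elem wraps to 0 */
    if (p != NULL) { free(p); return 0; }
    p = mal_fixed(16, sizeof(int));
    if (p == NULL) return 0;
    free(p);
    return 1;
}
int demo_mus(void) {
    char dst[8];
    if (mus_fixed(dst, sizeof dst, "1234567") != 0) return 0;  /* 7 chars + NUL fits */
    return mus_fixed(dst, sizeof dst, "12345678") == -1;      /* 8 chars + NUL does not */
}
int demo_mdl(void) {
    void *p = malloc(32);
    if (p == NULL) return 0;
    int first = mdl_fixed(&p);
    int second = mdl_fixed(&p);            /* safe no-op instead of a double free */
    return first == 1 && second == 0 && p == NULL;
}
```

The buggy routines compile but are never called by the demos; they are there to be read beside their hardened forms. Note that the four classes are about distinct failure points in a memory object's lifetime (computing its address, sizing its allocation, reading or writing it, releasing it), which is why a single fix such as a bounds check addresses only one of them.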

Irena Bojanova is a computer scientist at the National Institute of Standards and Technology (NIST) and the PI of the Bugs Framework (BF) project. She earned her Ph.D. in Mathematics/Computer Science from the Bulgarian Academy of Sciences. Irena is a Senior Member of the IEEE Computer Society and serves as Editor in Chief (EIC) of the IEEE IT Professional magazine.

Carlos E. C. Galhardo is a researcher at the Brazilian National Institute of Metrology, Quality and Technology (INMETRO). He is working at NIST as a guest researcher with the SAMATE BF team. He earned his Ph.D. in Physics from Universidade Federal Fluminense. His research interests include data analysis, the physics of information, and software security in embedded systems (measurement instruments).


Irena Bojanova
Carlos Galhardo