NIST

Tutorial: The Bugs Framework (BF) "Hands-On"

ABSTRACT: Advancements of scientific foundation in cybersecurity rely on the availability of accurate, precise, and non-ambiguous definitions of software weaknesses (bugs) and descriptions of software vulnerabilities. The Bugs Framework (BF) organizes software weaknesses into distinct classes, such as buffer overflow (BOF), injection (INJ), faulty operation (FOP), and control of interaction frequency (CIF).

Toward Precise and Accurate Descriptions of Weaknesses

Abstract:

MITRE's Common Weakness Enumeration (CWE) http://cwe.mitre.org/ is a list of several hundred classes of weakness that may be found in software. While it is a huge amount of progress over what was available a decade ago, there is still a lot of work to do. We propose some directions to significantly improve CWEs. These directions come from semantic templates, software fault patterns, and other work.

New Reports Define Strategic Vision, Propose R&D Priorities for Future Cyber-Physical Systems

Three new reports prepared for the National Institute of Standards and Technology (NIST) distill the perspectives of executives and technical experts from industry, academia and government on the "ifs" and the "what's next" of emerging intelligent systems-of-systems technologies.

The three reports are:

Foundations for Innovation in Cyber-Physical Systems

Software Assurance Metrics and Tool Evaluation