Tutorial: The Bugs Framework (BF) "Hands-On"

ABSTRACT: Advances in the scientific foundation of cybersecurity rely on the availability of accurate, precise, and unambiguous definitions of software weaknesses (bugs) and descriptions of software vulnerabilities. The Bugs Framework (BF) organizes software weaknesses into distinct classes, such as buffer overflow (BOF), injection (INJ), faulty operation (FOP), and control of interaction frequency (CIF).


Toward Precise and Accurate Descriptions of Weaknesses


MITRE's Common Weakness Enumeration (CWE) is a list of several hundred classes of weakness that may be found in software. While it is a huge amount of progress over what was available a decade ago, there is still a lot of work to do. We propose some directions to significantly improve CWE entries. These directions come from semantic templates, software fault patterns, and other work.


New Reports Define Strategic Vision, Propose R&D Priorities for Future Cyber-Physical Systems

Three new reports prepared for the National Institute of Standards and Technology (NIST) distill the perspectives of executives and technical experts from industry, academia, and government on the "ifs" and the "what's next" of emerging intelligent systems-of-systems technologies.

The three reports are:


Foundations for Innovation in Cyber-Physical Systems


Software Assurance Metrics and Tool Evaluation