B. Chess scite author profile

We want to help developers and security practitioners understand common types of coding errors that lead to vulnerabilities. By organizing these errors into a simple taxonomy, we can teach developers to recognize categories of problems that lead to vulnerabilities and identify existing errors as they build software.The information contained in our taxonomy is most effectively enforced via a tool. In fact, all of the errors included in our taxonomy are amenable to automatic identification using static source code analysis techniques.We demonstrate why our taxonomy is not only simpler, but also more comprehensive than other modern taxonomy proposals and vulnerability lists. We provide an in-depth explanation and one or more code-level examples for each of the errors on a companion web site: http://vulncat.fortifysoftware.com.

show abstract

Improving computer security using extended static checking

Chess

View full text Add to dashboard Cite

We describe a method for finding security flaws in source code by way of static analysis. The method is notable because it allows a user to specify a wide range of security properties while also leveraging a set of predefined common flaws. It works by using an automated theorem prover to analyze verification conditions generated from C source code and a set of specifications that define security properties. We demonstrate that the method can be used to identify real vulnerabilities in real programs.

show abstract

Beyond the byzantine generals: unexpected behavior and bridging fault diagnosis

Lavo

Larrabee

Chess

View full text Add to dashboard Cite

Probabilistic mixed-model fault diagnosis

Lavo

Chess²,

Larrabee³

et al.

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

B. Chess

Static analysis for security

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

Improving computer security using extended static checking

Beyond the byzantine generals: unexpected behavior and bridging fault diagnosis

Probabilistic mixed-model fault diagnosis

Contact Info

Product

Resources

About