An organized record of actual flaws can be useful to computer system designers, programmers, analysts, administrators, and users. This survey provides a taxonomy for computer program security flaws, with an Appendix that documents 50 actual security flaws. These flaws have all been described previously in the open literature, but in widely separated places. For those new to the field of computer security, they provide a good introduction to the characteristics of security flaws and how they can arise. Because these flaws were not randomly selected from a valid statistical sample of such flaws, we make no strong claims concerning the likely distribution of actual security flaws within the taxonomy. However, this method of organizing security flaw data can help those who have custody of more representative samples to organize them and to focus their efforts to remove and, eventually, to prevent the introduction of security flaws.
Approved for public release; distribution unlimited.
ABSTRACT (Maximum 200 words)
An organized record of actual flaws can be useful to designers, implementors, and evaluators of computer systems. This paper provides a taxonomy for computer program security flaws together with an appendix that carefully documents 50 actual security flaws. These flaws have all been described previously in the open literature, but in widely separated places. For those new to the field of computer security, they provide a good introduction to the characteristics of security flaws and how they can arise. Because these flaws were not randomly selected from a valid statistical sample of such flaws, we make no strong claims concerning the likely distribution of actual security flaws within the taxonomy. However, this taxonomy can be used to organize and abstract more representative samples. Data organized this way could be used to focus efforts to remove security flaws and prevent their introduction.
Computer security flaws are any conditions or circumstances that can result in denial of service, unauthorized disclosure, unauthorized destruction of data, or unauthorized modification of data [4]. Our taxonomy attempts to organize information about flaws so that, as new flaws are added, users will gain a fuller understanding of which parts of systems and which parts of the system life cycle are generating more security flaws than others. This information should be useful not only to designers, but also to those faced with the difficult task of assessing the security of a system already developed.
To accurately assess the security of a computer system, an analyst must find its vulnerabilities. To do this, the analyst must understand the system thoroughly and recognize that computer security flaws that threaten system security may exist anywhere in the system.
There is a legitimate concern that this kind of information could assist those who would attack computer systems. Partly for this reason, we have limited the cases described here to those that already have been publicly documented elsewhere and are relatively old. We do not suggest that we have assembled a representative random sample of all known computer security flaws, but we have tried to include a wide variety. We offer the taxonomy for the use of those who are presently responsible for repelling attacks and correcting flaws. Their data, organized this way and abstracted, could be used to focus efforts to remove security flaws and prevent their introduction.
Other taxonomies [5,6,7] have recently been developed for organizing data about software defects and anomalies of all kinds. These are primarily oriented toward collecting data during software development that will lead to...
Obtaining labeled data is a significant obstacle for many NLP tasks. Recently, online games have been proposed as a new way of obtaining labeled data; games attract users by being fun to play. In this paper, we consider the application of this idea to collecting semantic relations between words, such as hypernym/hyponym relationships. We built three online games, inspired by the real-life games of Scattergories™ and Taboo™. As of June 2008, players have entered nearly 800,000 data instances, in two categories. The first type of data consists of category/answer pairs ("Types of vehicle", "car"), while the second is essentially free association data ("submarine", "underwater"). We analyze both types of data in detail and discuss potential uses of the data. We show that we can extract from our data set a significant number of new hypernym/hyponym pairs not already found in WordNet.