
Posts

tsipenyuk taxonomy

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

Katrina Tsipenyuk, Fortify Software, 2300 Geng Road, Suite 102, Palo Alto, CA 94303, 1-650-213-5600, katrina@fortifysoftware.com
Brian Chess, Fortify Software, 2300 Geng Road, Suite 102, Palo Alto, CA 94303, 1-650-213-5600, brian@fortifysoftware.com
Gary McGraw, Cigital, 21351 Ridgetop Circle, Suite 400, Dulles, VA 20166, 1-703-404-9293, gem@cigital.com

ABSTRACT

We want to help developers and security practitioners understand common types of coding errors that lead to vulnerabilities. By organizing these errors into a simple taxonomy, we can teach developers to recognize categories of problems that lead to vulnerabilities and identify existing errors as they build software. The information contained in our taxonomy is most effectively enforced via a tool. In fact, all of the errors included in our taxonomy are amenable to automatic identification using stat
Recent posts

iso15000

TECHNICAL REPORT ISO/IEC TR 15504-4
First edition 1998-08-15

Information technology — Software process assessment — Part 4: Guide to performing assessments
Technologies de l’information — Évaluation des procédés du logiciel — Partie 4: Guide pour l’exécution des évaluations

Reference number ISO/IEC TR 15504-4:1998(E)

© ISO/IEC 1998 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher. ISO/IEC Copyright Office · Case postale 56 · CH-1211 Genève 20 · Switzerland. Printed in Switzerland.

Contents
• Model elements and indicators
• Mapping