tsipenyuk taxonomia Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors Katrina Tsipenyuk Brian Chess Gary McGraw Fortify Software Fortify Software Cigital 2300 Geng Road, Suite 102 2300 Geng Road, Suite 102 21351 Ridgetop Circle, Suite 400 Palo Alto, CA 94303 Palo Alto, CA 94303 Dulles, VA 20166 1-650-213-5600 katrina@fortifysoftware.com 1-650-213-5600 brian@fortifysoftware.com 1-703-404-9293 gem@cigital.com ABSTRACT We want to help developers and security practitioners understand common types of coding errors that lead to vulnerabilities. By organizing these errors into a simple taxonomy, we can teach developers to recognize categories of problems that lead to vulnerabilities and identify existing errors as they build software. The information contained in our taxonomy is most effectively enforced via a tool. In f...