This site presents a taxonomy of software security errors developed by the Fortify Software Security Research Group together with Dr. Gary McGraw. Each vulnerability category is accompanied by a detailed description of the issue with references to original sources, and code excerpts, where applicable, to better illustrate the problem.
The organization of the classification scheme is described with the help of terminology borrowed from Biology: vulnerability categories are referred to as phyla, while collections of vulnerability categories that share the same theme are referred to as kingdoms. Vulnerability phyla are classified into "seven plus one" pernicious kingdoms presented in the order of importance to software security:
- Input Validation and Representation
- API Abuse
- Security Features
- Time and State
- Errors
- Code Quality
- Encapsulation
- * Environment
The first seven kingdoms are associated with security defects in source code, while the last one describes security issues outside the actual code. To browse the kingdom and phylum descriptions, simply navigate the taxonomy tree on the left.
The primary goal of defining this taxonomy is to organize sets of security rules that can be used to help software developers understand the kinds of errors that have an impact on security. By better understanding how systems fail, developers will better analyze the systems they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future.
When put to work in an analysis tool, a set of security rules organized according to this taxonomy is a powerful teaching mechanism. Because developers today are by and large unaware of the myriad ways they can introduce security problems into their work, making a taxonomy like this available should provide tangible benefits to the software security community.
Defining a better classification scheme can also lead to better tools: a better understanding of the problems will help researchers and practitioners create better methods for ferreting them out.
To learn more about the taxonomy, please refer to the original Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors and newly released The Evolution of a Taxonomy: Ten Years of Software Security papers.