BF Impact
Irena Bojanova, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~~

The Bugs Framework (BF) will allow precise communication about software bugs and weaknesses and will help identify exploit mitigation techniques.

  • Government could improve the descriptions in public vulnerability repositories and create policies and guidelines for software testing.

  • Software companies could improve their testing tools and bug reports and implement automatic bug finding and fixing.

  • Professors could teach bugs and weaknesses more effectively and conduct research on formalizing software bugs.

All this will lead to improved communication about software vulnerabilities, increased precision of code review tools, and fewer software bugs and weaknesses.

In more detail:

  • Precise BF descriptions of software vulnerabilities, produced by the BF Tools Set as chains of bug-weaknesses-failure, will allow clear communication among software developers, testers, IT professionals, and IT managers.

  • The NIST NVD entries will be available in machine-readable formats that cyber security researchers can use to build code review tools and a broad spectrum of ML and AI systems for detecting software vulnerabilities and exploring complex malicious attacks. This will support better software development and coding practices, mitigation designs, and automated cyber testing capabilities, and will greatly advance the way we secure cyberspace and critical infrastructure.

  • The BF taxonomy will allow clear explanations of what happens in a vulnerability to IT professionals and non-IT executives, as well as researchers, developers, and students. It will support the development of precise software testing tools with unambiguous reports.