Organizational Structures

There have been many efforts to create organizational structures for software security bugs and weaknesses. Examples include the Landwehr et al. Taxonomy of Computer Program Security Flaws, the Common Weakness Enumeration (CWE), and the Common Vulnerabilities and Exposures (CVE). However, we need more formal approaches to produce precise, machine-readable descriptions of all software security vulnerabilities that are underlain by such weaknesses and that eventually lead to software security failures. This would allow the creation of labeled datasets for diverse related ML and AI research.

Just as the structure of the periodic table reflects the underlying atomic structure, we are developing the Bugs Framework (BF) as a structured, complete, orthogonal classification system that follows the natural organization of software bugs and weaknesses, while verifying it against widely used bugs/weaknesses enumerations, compendia, and collections. We also draw our inspiration from organizational structures in science, such as the Periodic Table of Elements, the Tree of Life, the Geographic Coordinate System, and the Dewey Decimal Classification System.

Mendeleev’s Periodic Table

However obvious Mendeleev’s Periodic Table seems today, it required extensive thought and investigation:

  • The Greeks used the terms element and atom to name differences between materials and the smallest parts of matter.
  • In 330 BC, Aristotle proposed that everything is a mixture of “root elements”: Earth, Fire, Air, Water.

Aristotle's Root Elements (Source: Reich Chemistry)

  • In the Middle Ages, alchemists made lists of materials, such as alcohol, sulfur, mercury, and salt.

  • Lavoisier created a list of 33 elements - e.g. oxygen, nitrogen, hydrogen, phosphorus, mercury, zinc, sulfur, light, and caloric, and distinguished metals from non-metals.

  • Dalton realized "atoms of same element are identical in all respects, particularly weight."

  • In the 1800s, several tables of elements were developed:

    • De Chancourtois first noticed the periodicity of elements. When ordered by their atomic weights, similar elements occur at regular intervals.

    • Mendeleev’s Periodic Table in 1869 and his forecast of the properties of missing elements reflected the century of growth in knowledge that reflects atomic structure: columns correspond to the number of electrons in the outer shell and the fundamental chemical properties. Rows correspond to the number of electron shells.

Discovery of Chemical Elements (Source: Wikimedia Commons)

Tree of Life

Discoveries of more than 1,000 new types of bacteria and Archaea over the past 15 years have dramatically rejiggered the Tree of Life to account for these microscopic life forms. The new Tree of Life divides life into three domains: Bacteria, Archaea and Eukaryotes. It clearly shows that “life we see around us - plants, animals, humans and other so-called eukaryotes - represent a tiny percentage of the world’s biodiversity.”

The Tree of Life (Source: Berkeley)

Geographic Coordinate System

The Geographic Coordinate System allows any location on the Earth to be specified using Latitude, Longitude and Elevation. Longitude lines are perpendicular and latitude lines are parallel to the equator.

Geographic Coordinate System (Source: Wikipedia)

Dewey Decimal Classification System

The Dewey Decimal Classification System allows new books and whole new subjects to be placed in reasonable locations in a library, for easy retrieval based on subject.

Categories of Dewey Decimal Classification System. (Source: Appleton)