BF Security Rules CWE API
Irena Bojanova, Inventor/Creator, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~ #

//Exclusive Rights Only//

The BF Security Rules CWE APP/API generates datasets of BF Improper States by CWE (where applicable) that should not be present at code execution to assure code safety.

• UI

  [https://«coming soon»/BFSecurityRules.xml/CWE](https://«coming soon»/BFSecurityRules.xml/CWE)
  [https://«coming soon»/BFSecurityRules.json/CWE](https://«coming soon»/BFSecurityRules.json/CWE)

  Note: ID="-1" if no CWE corresponds to that BF Wwakness Triple.

• API
  

  C#
  

  HttpClient client = new HttpClient() { BaseAddress = new Uri("https://<<coming soon>>") };
  
  //to be updated <-- replace YOUR_USER_NAME and YOUR_KEY
  client.DefaultRequestHeaders.Add("user", YOUR_USER_NAME);
  client.DefaultRequestHeaders.Add("key", YOUR_KEY);
  
  //result in XML
  var responseXML = await client.GetAsync("BFSecurityRules.xml/CWE/api");
  responseXML.EnsureSuccessStatusCode();        
  var resultXML = await responseXML.Content.ReadAsStringAsync();
  
  //result in JSON
  var responseJSON = await client.GetAsync("BFSecurityRules.json/CWE/api");       
  responseJSON.EnsureSuccessStatusCode();         
  var resulJSON = await responseJSON.Content.ReadAsStringAsync();
  

  Python

  //to be added//

BF PATENT PENDING
U.S. Patent Application No. PCT/US2025/038662 Bugs Framework (BF): A System for Formal Specification of Cybersecurity Weaknesses and Vulnerabilities, Definition of Secure Coding Principles, and Generation of Weakness and Vulnerability Datasets and Vulnerability Classifications. Inventor: Irena Bojanova, NIST.

BF CITATION:
Bojanova I (2024) Bugs Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP), NIST SP 800-231. https://doi.org/10.6028/NIST.SP.800-231