BF Backward API
Irena Bojanova, Inventor/Creator, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~ #

The BF Backward API provides the BFVUL Tool backwards bugs identification functionality.

The BF formalism supports a deeper understanding of vulnerabilites as chains of weaknesses and allows for backward bug identficaton from a failure. It enables the development of new statc and dynamic analysis, simulaton, and emulaton algorithms. AI or formal methods-enabled capabilites could be used to identfy bugs and detect, analyze, prioritze, and resolve or mitgate vulnerabilites (i.e., fix the bug or a fault of each vulnerability, respectvely) to secure critcal infrastructure and supply chains.

• BF Backward API → Key required:

  https://samate.nist.gov/services/BF/BFVulnerability.xml/BFBackward/IEX?finalError=Query%20Injection&key=‘YOUR_KEY’
  https://samate.nist.gov/services/BFVulnerability.json/BFBackward/IEX?finalError=Query%20Injection&key=‘YOUR_KEY’

• Programatically → Key required:
  

  C# - simplified

  HttpClient client = new HttpClient() { BaseAddress = new Uri("https://samate.nist.gov/services/BF") };
  
  //replace YOUR_USER_NAME and YOUR_KEY
  client.DefaultRequestHeaders.Add("user", YOUR_USER_NAME);
  client.DefaultRequestHeaders.Add("key", YOUR_KEY);
  
  var response = await BFClient.SendRequest("BFVulnerability/BFBackward/IEX/api", HttpMethod.Get, responseType: MediaTypeNames.Application.Xml);
  response.EnsureSuccessStatusCode();
  
  var result = await response.Content.ReadAsStringAsync();
  

  Python

  //to be added//

BF CITATION:
Bojanova I (2024) Bugs Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP), NIST SP 800-231. https://doi.org/10.6028/NIST.SP.800-231