BF Publications
Irena Bojanova, Inventor/Creator, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~~

Please, reference BF publications recent than year 2020, as some old BF classes are now covered by new more comprehensive classes and some – are withdrawn. They also start developing my ideas on BF's formalism – originally shared in my 2014/2015 presentations. Please use as source about the BF class taxonomies this website and the publications listed here – any other publications may provide misleading information. If in doubt, please seek guidance from the BF PI .

Papers

Bojanova I (2024) Bugs Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilites . (Natonal Insttute of Standards and Technology, Gaithersburg, MD), NIST Special Publicaton (SP), NIST SP 800-231. htps://doi.org/10.6028/NIST.SP.800-231
Mell, P, Bojanova, I., Galhardo, C., Measuring the Exploitation of Weaknesses in the Wild , in IT Professional, vol. 26, no. 3, pp. 14-21, May.-Jun. 2024, doi: 10.1109/MITP.2024.3399485
Bojanova, I., Comprehensively Labeled Weakness and Vulnerability Datasets via Unambiguous Formal Bugs Framework (BF) Specifications , in IT Professional, vol. 26, no. 1, pp. 60-68, Jan.-Feb. 2024, doi: 10.1109/MITP.2024.3358970
Bojanova, I. and Guerrerio, J., Labeling Software Security Vulnerabilities , in IT Professional, vol. 25, no. 5, pp. 64-70, Sep.-Oct. 2023, doi: 10.1109/MITP.2023.3314368 .
Gueye, A., Cardoso Galhardo, C. and Bojanova, I., Critical Software Security Weaknesses in IT Professional, vol. 25, no. 04, pp. 11-16, Jul.-Aug. 2023. doi: 10.1109/MITP.2023.3297387 .
Bojanova, I. and Cardoso Galhardo, C., Heartbleed Revisited: Is it just a Buffer Over-Read? , in IT Professional, vol. 25, no. 2, pp. 83-89, Mar.-Apr. 2023, doi: 10.1109/MITP.2023.3259119 .
Bojanova, I. and Cardoso Galhardo, C., Bug, Fault, Error, or Weakness: Demystifying Software Security Vulnerabilities , IT Professional, vol. 25, no. 1, pp. 7-12, Jan.-Feb. 2023, doi: 10.1109/MITP.2023.3238631 .
Bojanova, I., Cardoso Galhardo, C. and Moshtari, S., Data Type Bugs Taxonomy: Integer Overflow, Juggling, and Pointer Arithmetics in Spotlight , 2022 IEEE 29th Annual Software Technology Conference (STC), 2022, pp. 192-205, doi: 10.1109/STC55697.2022.00035 , Local Download (has CWE-BF di-graphs with links) .
Bojanova, I., Cardoso Galhardo, C. and Moshtari, S., Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight ], 2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 2021, pp. 111-120, doi: 10.1109/ISSREW53611.2021.00052 , Local Download (has CWE-BF di-graphs with links)
Bojanova, I. and Cardoso Galhardo, C., Classifying Memory Bugs Using Bugs Framework Approach , 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC, 2021), pp. 1157-1164, doi: 10.1109/COMPSAC51774.2021.00159 , Local Download (has CWE-BF di-graphs with links)
Gueye, A., Cardoso Galhardo, C., Bojanova, I. and P. Mell, A Decade of Reoccurring Software Weaknesses , in IEEE Security & Privacy, vol. 19, no. 6, pp. 74-82, Nov.-Dec. 2021, doi: 10.1109/MSEC.2021.3082757 .
Bojanova, I., The Bugs Framework (BF) ; The Bugs Framework (BF) - with notes , 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC, 2021)
Cardoso Galhardo, C., P. Mell, Bojanova, I. and Gueye, A., Measurements of the Most Significant Software Security Weaknesses , Annual Computer Security Applications Conference (ACSAC), pp. 154–164, Dec. 2020, doi: 10.1145/3427228.3427257
Bojanova, I., Yesha, Y., Black, P. and Wu, Y., Information Exposure (IEX): A New Class in the Bugs Framework (BF) , 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), 2019, pp. 559-564, doi: 10.1109/COMPSAC.2019.00086 .
Bojanova, I., Yesha, Y. and Black, P., Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN) , 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), 2018, pp. 738-745, doi: 10.1109/COMPSAC.2018.00110 .
Bojanova, I., Black, P. and Yesha, Y., Cryptography classes in bugs framework (BF): Encryption bugs (ENC), verification bugs (VRF), and key management bugs (KMN) , 2017 IEEE 28th Annual Software Technology Conference (STC), 2017, pp. 1-8, doi: 10.1109/STC.2017.8234453 .
Bojanova, I., Black, P., Yesha, Y. and Wu, Y., The Bugs Framework (BF): A Structured Approach to Express Bugs , 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2016, pp. 175-182, doi: 10.1109/QRS.2016.29 .
Wu, Y., Bojanova, I., Yesha, Y., They Know Your Weaknesses - Do You? : Reintroducing Common Weakness Enumeration. Supply Chain Assurance, September/October 2015, CrossTalk (The Journal of Defense Software Engineering), Local Download , Local Download - Sept/Oct Issue .

Presentations

Bojanova, I., Bugs Framework: Formalizing Cybersecurity Weaknesses and Vulnerabilities , Office of the National Cyber Director (ONCD), Apr, 4, 2024.
Bojanova, I., Bugs Framework: Formalizing Cybersecurity Weaknesses and Vulnerabilities , National Defense Industrial Association (NDIA) Trust & Assurance Committee (T&AC), Mar. 28, 2024.
Bojanova, I., Bugs Framework (BF): Formalizing Software Security Bugs, Weaknesses, and Vulnerabilities , NIST ITL Science Day 2023, Nov. 8, 2023.
Bojanova, I., BF: Bug, Fault, Error, Weakness, or Vulnerability , NIST ITL Science Day 2023, Nov. 8, 2023.
Bojanova, I., Labeling Software Security Vulnerabilities , NIST ITL Science Day 2023, Nov. 8, 2023.
Bojanova, I., Bugs Framework (BF): Overview , NIST - INMETRO Discussion with Brazilian Government officials, Nov. 08, 2023.
Bojanova, I., Bugs Framework (BF): BF Formal Language , NIST ITL CSD Security Research Review (SRR), Oct. 25, 2023.
Bojanova, I., Bugs Framework (BF): BF for AI and ML (Ontology of Software Bugs and Weaknesses; and Reference Dataset of Formally Described Software Security Vulnerabilities) , Johns Hopkins University Applied Physics Laboratory (JHU APL), Feb. 17, 2023.
Bojanova, I., BF for CHIPS: A Formal Language for Describing and Backtracking Chips Triggered Software Vulnerabilities , NIST ITL SSD SAMATE meeting, Feb. 8, 2023.
Bojanova, I., Explainable Vulnerabilities Descriptions with NIST BF , Ericson Program Analysis Workshop, Dec. 1, 2022.
Bojanova, I., BF Keynote-Explainable Vulnerabilities Descriptions with NIST BF , IEEE International Symposium on Software Reliability Engineering, Software Hardware Interaction Faults & International Workshop on Software Faults (ISSRE, SHIFT & IWSF 2022), Oct. 31, 2022.
Bojanova, I., BF Lecture: Understanding Software Security Vulnerabilities Descriptions with NIST BF , IEEE Reliability Society (RS) Certificate Program 2022, Jul. 15, 2022.
Bojanova, I., Bugs Framework(BF), BIECO EU Research Project , Nov. 16, 2021.
Bojanova, I., Bugs Framework (BF): Input/Output Check Classes and BF Specification of Heartbleed , NIST ITL CSD Security Research Review (SRR), Nov. 8, 2021.
Bojanova, I., Cardoso Galhardo, C., Input/Output Check Bugs and Injection , NIST ITL Science Day 2021, Oct. 28, 2021.
Bojanova, I., The NIST Bugs Framework (BF) - Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight , 2021 IEEE International Symposium on Software Reliability Engineering’ (ISSRE 2021), Oct. 25, 2021.
Bojanova, I., Bugs Framework (BF) , Johns Hopkins University Applied Physics Laboratory (JHU APL), Jul 23, 2021.
Bojanova, I., Bugs Framework(BF) , Cybersecurity and Infrastructure Security Agency (CISA), Jul. 20, 2021.
Bojanova, I., Bugs Framework (BF): Data Type Bugs Taxonomy: Integer Overflow, Juggling, and Pointer Arithmetics in Spotlight , IEEE Software Technology Conference (STC 2022), Oct. 3, 2022.
Bojanova, I., Classifying Memory Bugs Using Bugs Framework Approach , 2021 IEEE 45th Annual Computer Software and Applications Conference (COMPSAC), Jul. 12, 2021.
Bojanova, I., Bugs Framework (BF) , NIST ITL SSD Assessment Panel, Jun. 20, 2021.
Bojanova, I., Bugs Framework (BF) , Invited Talk, St. John’s University, MS CYB Spring 2021 Spring Research Seminary, May 4, 2021.
Bojanova, I., Cardoso Galhardo, C., Memory Bugs Classes in Bugs Framework , NIST ITL Science Day 2020, Oct. 29, 2020.
Bojanova, I., [Bugs Framework (BF): Memory Corruption/Disclosure Classes], NIST ITL CSD Security Research Review (SRR), Sep. 16, 2020.
Bojanova, I., Cardoso Galhardo, C., Memory Bugs Classes in NIST Bugs Framework (BF) , - and Handouts - , High Confidence Software and Systems Conference (HCSS) , Sep. 15, 2020.
Bojanova, I., Bugs Framework (BF), NIST ITL SSD Division Chief meeting with Vint Cerf, VP and Chief Internet Evangelist, Google, Jul. 24, 2020.
Bojanova, I., Bugs Framework (BF), Rochester Institute of Technology (RIT), Mar. 18, 2020.
Bojanova, I., Information Exposure (IEX) Class in the Bugs Framework (BF) , NIST ITL Science Day 2019, Nov. 6, 2019.
Bojanova, I., Bugs Framework (BF) – Your Best Friend? , SATE VI Workshop, Sep. 19, 2019.
Bojanova, I., Bugs Framework (BF), NIST ITL SSD Software Systems Review (SSR), Sep. 3, 2019.
Bojanova, I., Bugs Framework (BF): Introduction , Bugs Framework (BF): Information Exposure (IEX), Random Number Generation (RND), Cryptographic Store or Transfer (CST) , Networking and Information Technology Research and Development (NITRD) Program, National Coordination Office (NCO), CSIA, Aug. 22, 2019.
Bojanova, I., Information Exposure (IEX): A New Class in the Bugs Framework (BF), 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Jul. 15, 2019.
Bojanova, I., Bugs Framework (BF): Introduction , Bugs Framework (BF): Information Exposure (IEX), Random Number Generation (RND), Cryptographic Store or Transfer (CST) , Networking and Information Technology Research and Development (NITRD) Program, National Coordination Office (NCO), SPSQ, Jul. 11, 2019.
Bojanova, I., Information Exposure (IEX) Class in the Bugs Framework (BF) , High Confidence Software and Systems Conference (HCSS) 2019, Apr. 29, 2019.
Bojanova, I., Bugs Framework (BF) , Networking and Information Technology Research and Development (NITRD) Program, National Coordination Office (NCO), SPSQ, Feb. 1, 2018.
Bojanova, I., Cryptography Classes in Bugs Framework (BF): Encryption Bugs (ENC), Verification Bugs (VRF), and Key Management Bugs (KMN).pdf , NIST ITL Science Day 2017, Nov. 02, 2017.
Bojanova, I., Cryptography Classes in Bugs Framework (BF) , IEEE Software Technology Conference (STC) 2017, Sep. 25, 2017.
Bojanova, I., The Bugs Framework (BF) Hands-On , - and Exercises - , IEEE Software Quality, Reliability, and Security Conference (QRS) 2017, Jul. 25, 2017.
Bojanova, I., The new Cryptographic Store/Transfer (CST) Class from Bugs Framework (BF) , High Confidence Software and Systems Conference (HCSS) 2017, May 8, 2017.
Bojanova, I., Bugs Framework (BF) Tutorial , - and Handouts - , Symposium on the Science of Security (HotSoS), Apr. 4, 2017.
Bojanova, I., Bugs Framework (BF): Software developer’s and tester’s Best Friend , NIST ITL CSD Security Research Review (SRR), Nov. 2, 2016.
Bojanova, I., Bugs Framework (BF) , NIST ITL Science Day 2016, Oct. 13, 2016.
Bojanova, I., Black, P., Bugs Framework (BF): A Structured Integrated Framework to Express Bugs , High Confidence Software and Systems Conference (HCSS) , May 10, 2016.
Bojanova, I., Towards a Periodic Table of Bugs , NIST ITL SSD SAMATE meeting, Apr. 8, 2015.
Bojanova, I., Yesha, Y., Black, P., Wu, Y., Towards Formalizing Software Bugs - Abstract , High Confidence Software and Systems Conference (HCSS) 2015, prepared for submission, Feb. 18, 2015.
Bojanova, I., Formalizing Software Bugs , NIST ITL SSD Division Chief meeting with the Information-technology Promotion Agency (IPA), Japan delegation, NIST 222/A318, Dec. 9, 2014.