BF Publications
Irena Bojanova, Inventor, Creator, PI, Bugs Framework (BF)

Please reference BF publications more recent than year 2020, as they start developing my ideas on BF's formalism – originally shared in my 2014/2015 presentations. If in doubt, please seek guidance from the BF PI.

I. Bojanova and J. J. Guerrerio, “Labeling Software Security Vulnerabilities,” in IT Professional, vol. 25, no. 5, pp. 64-70, Sep.-Oct. 2023, doi: 10.1109/MITP.2023.3314368, Local Download
Author Contributions --> IB: Original ideas on BF CWEs specification as (bug/fault, operation, error/final error) triples and on labeling CVEs utilizing BF's taxonomy (formal language vocabulary); Conceptualization; Methodology; Visualization; Software; Writing- Original Draft preparation; Supervision. IB and JJG: Investigation -- analyzing and specifying CWEs and CVEs (incl. identifying CWE-BF associations, CWEs triples and causing triples, CWEs similarities and overlaps); Writing- Reviewing and Editing.
A. Gueye, C. Galhardo and I. Bojanova, “Critical Software Security Weaknesses,” in IT Professional, vol. 25, no. 04, pp. 11-16, 2023, doi: 10.1109/MITP.2023.3297387, Local Download
I. Bojanova and C. E. Galhardo, “Heartbleed Revisited: Is it just a Buffer Over-Read?,” in IT Professional, vol. 25, no. 2, pp. 83-89, Mar.-Apr. 2023, doi: 10.1109/MITP.2023.3259119, Local Download
I. Bojanova and C. E. Galhardo, “Bug, Fault, Error, or Weakness: Demystifying Software Security Vulnerabilities,” IT Professional, vol. 25, no. 1, pp. 7-12, Jan.-Feb. 2023, doi: 10.1109/MITP.2023.3238631, Local Download
I. Bojanova, C. E. Galhardo and S. Moshtari, “Data Type Bugs Taxonomy: Integer Overflow, Juggling, and Pointer Arithmetics in Spotlight,” 2022 IEEE 29th Annual Software Technology Conference (STC), 2022, pp. 192-205, doi: 10.1109/STC55697.2022.00035, Local Download (has CWE-BF di-graphs with links)
I. Bojanova, C. E. Galhardo and S. Moshtari, “Input/Output Check Bugs Taxonomy: Injection Errors in Spotlight,” 2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), 2021, pp. 111-120, doi: 10.1109/ISSREW53611.2021.00052, Local Download (has CWE-BF di-graphs with links)
A. Gueye, C. E. Galhardo, I. Bojanova and P. Mell, “A Decade of Reoccurring Software Weaknesses,” in IEEE Security & Privacy, vol. 19, no. 6, pp. 74-82, Nov.-Dec. 2021, doi: 10.1109/MSEC.2021.3082757, Local Download
I. Bojanova and C. Eduardo Galhardo, “Classifying Memory Bugs Using Bugs Framework Approach,” 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC, 2021), pp. 1157-1164, doi: 10.1109/COMPSAC51774.2021.00159, Local Download (has CWE-BF di-graphs with links)
C. E. Galhardo, P. Mell, I. Bojanova and A. Gueye, “Measurements of the Most Significant Software Security Weaknesses,” Annual Computer Security Applications Conference (ACSAC), pp. 154–164, Dec. 2020, doi: 10.1145/3427228.3427257, Local Download
I. Bojanova, Y. Yesha, P. E. Black and Y. Wu, “Information Exposure (IEX): A New Class in the Bugs Framework (BF),” 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), 2019, pp. 559-564, doi: 10.1109/COMPSAC.2019.00086, Local Download
I. Bojanova, Y. Yesha and P. E. Black, “Randomness Classes in Bugs Framework (BF): True-Random Number Bugs (TRN) and Pseudo-Random Number Bugs (PRN),” 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), 2018, pp. 738-745, doi: 10.1109/COMPSAC.2018.00110, Local Download
I. Bojanova, P. E. Black and Y. Yesha, “Cryptography classes in bugs framework (BF): Encryption bugs (ENC), verification bugs (VRF), and key management bugs (KMN),” 2017 IEEE 28th Annual Software Technology Conference (STC), 2017, pp. 1-8, doi: 10.1109/STC.2017.8234453, Local Download
P. E. Black and I. Bojanova, “Defeating Buffer Overflow: A Trivial but Dangerous Bug,” in IT Professional, vol. 18, no. 6, pp. 58-61, Nov.-Dec. 2016, doi: 10.1109/MITP.2016.117, Local Download
I. Bojanova, P. E. Black, Y. Yesha and Y. Wu, “The Bugs Framework (BF): A Structured Approach to Express Bugs,” 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2016, pp. 175-182, doi: 10.1109/QRS.2016.29, Local Download
Author Contributions --> IB: Original Ideas, Conceptualization, and Methodology for creating BF classes; Writing- Original draft preparation; Visualization; Supervision. IB, YY: Development- Creating the BF BOF, INJ, and CIF classes. IB, YY, PEB: Investigation- Analyzing CWEs and CVEs. All authors: Writing- Reviewing and Editing.
Wu, Y., Bojanova, I., Yesha, Y., “They Know Your Weaknesses - Do You?: Reintroducing Common Weakness Enumeration. Supply Chain Assurance,” September/October 2015, CrossTalk (The Journal of Defense Software Engineering).
Author Contributions --> IB: Conceptualization; Writing- Original draft preparation; Visualization; Supervision. All authors: Writing- Reviewing and Editing.
NIST, ITL, Science Day Posters
I. Bojanova, Bug, Fault, Error, Weakness, or Vulnerability, NIST, ITL, Science Day, 11/07/2023.
I. Bojanova, Bugs Framework, NIST, ITL, Science Day, 11/07/2023.
I. Bojanova, J. J. Guerrerio, Eduard Pinconschi, Labeling Software Security Vulnerabilities, NIST, ITL, Science Day, 11/07/2023.
Author Contributions --> IB: Original ideas, Conceptualization, and Methodology; Writing- Original draft preparation; Visualization; Supervision. IB and JJG: Investigation -- analyzing and specifying memory related CWEs and CVEs, Writing- Reviewing and Editing. IB: Investigation- analyzing and specifying CVE-2023-38435. EP: Investigation- Reviewing CVE-2023-38435.
Presentations
I. Bojanova, P. E. Black, Y. Yesha, and Y. Wu, Towards a “Periodic Table” of Bugs, NIST, ITL, SSD, SAMATE meeting, Apr. 8, 2015.
Author Contributions --> IB: Original ideas, Conceptualization, and Methodology for creating BF classes; Writing- Original draft preparation; Visualization; Supervision. IB, YY: Development- Creating the BF BOF, INJ, and CIF classes. IB, YY, PEB: Investigation- Analyzing CWEs and CVEs. All authors: Writing- Reviewing and Editing.
I. Bojanova, Formalizing Software Bugs, NIST, SSD, Division Chief, Ram Sriram, meeting with the Information-technology Promotion Agency (IPA), Japan delegation, NIST 222/A318, Dec. 9, 2014.
Author Contributions --> IB: Original Ideas, Conceptualization, Methodology; Writing- Original draft preparation; Visualization, Writing- Reviewing and Editing.