| Summary: | Various software vulnerabilities classifications have been constructed since the early 70s for correct understanding of vulnerabilities, and thus acts as a strong foundation to protect and prevent software from exploitation. However, despite all research efforts, exploitable vulnerabilities still exist in most major software, the most common still being C overflows vulnerabilities. C overflow vulnerabilities are the most frequent vulnerabilities to appear in various advisories with high impact or critical severity. Partially but significantly, this is due to the absence of a source code perspective taxonomy to address all types of C overflow vulnerabilities. Therefore, we propose this taxonomy, which also classifies the latest C overflow vulnerabilities into four new categories. We also describe ways to detect and overcome these vulnerabilities, and hence, acts as a valuable reference for developers and security analysts to identify potential security C loopholes so as to reduce or prevent exploitations altogether. © 2011 Springer-Verlag.
|
|---|