Generated Fri Oct 22 07:13:12 PDT 1999 by fc@red.all.net


Spafford92
  • [Spafford92] E. Spafford, Common System Vulnerabilities, Software Engineering Research Center, Computer Science Department, Purdue University, 24 March, 1992. [This paper categorizes and lists several common system vulnerabilities, including: operational (administrative) flaws consisting of poor defaults, software misconfigured for hardware, vendor patches reintroducing old problems, backward compatibility options, multiple-vendor or release-level hardware and software intermixes, and interconnection of systems administered with different security policies; design flaws consisting of failure to validate numbers, pointers, or sizes passed to privileged programs, excess privilege, non-disabled interrupts, implied trust, careless treatment of stored sensitive data, failure to limit resource use, failure to detect, report, and/or recover from error conditions, and inherited values improperly used; and faults consisting of improper choice of data types, improper use of parameters, boundary condition faults, missing path faults, synchronization faults, backdoors, incorrectly initialized data values, improper loop and selector defaults, abnormal termination mishandling, and untested code paths.]

