Tree Approach to Vulnerability Classification
- S. Engle, S. Whalen, D. Howard, and M. Bishop, “Tree Approach to Vulnerability Classification”, Technical Report CSE-2006-10, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (May 2006).
We present a classification scheme based on conditions which must hold for a vulnerability to exist. This scheme allows for vulnerabilities to fall into multiple classes without ambiguity, and enables analysts to focus on the causes of vulnerabilities. We use a tree-based approach to organize these conditions at different levels of abstraction.