MITRE has a long history in the Software Assurance and Software Vulnerability areas. MITRE founded the Common Vulnerabilities and Exposures (CVE®) effort in 1999 and has since partnered with industry and government leaders to create additional foundational efforts such as the Common Weakness Enumeration (CWE™) and the Common Attack Pattern Enumeration and Classification (CAPEC™).

The case studies presented here leverage MITRE’s decades of experience in source code weakness categorization and reveal detailed information about specific real-world software issues. Our hope is that these case studies provide educators, project leaders, software development teams, and assessment teams insight into these critical issues and show how to avoid them.

With each case study focusing on a real issue in real software, there should be no debate as to the applicability of these mistakes to one’s own day-to-day coding projects. By understanding these issues, the mistakes that were made, and how each was fixed, we will be in a better position to avoid similar problems in the future.

Case Studies

Python