layout | title | parent |
---|---|---|
default | Vulnerability Classes | Resources |
A vulnerability class is a set of vulnerabilities that share some unifying commonality, a pattern or concept that isolates a specific feature shared by several different software flaws.
Essentially, a vulnerability class is a mental device to conceptualize software flaws. -TAOSSA
A common vulnerability class might be a stack overflow (a buffer trying to hold too much data) or a use-after-free (a pointer to a valid memory location that is subsequently freed and then used).
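The two classes named above, shown as the vulnerable pattern (in comments) next to a hardened form. This is an added example, not code from this page or from TAOSSA; `copy_name`, `session_release`, `session_id` and `demo_session` are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 16

/* Class 1: stack overflow (a fixed stack buffer asked to hold too much).
 * Vulnerable pattern:  char buf[NAME_BUF]; strcpy(buf, input);
 * Hardened form: measure the input and refuse it before any copy happens. */
int copy_name(const char *input, char *out, size_t out_size) {
    char buf[NAME_BUF];
    size_t len = strlen(input);
    if (len >= sizeof(buf) || len >= out_size)
        return -1;                  /* reject rather than write past buf */
    memcpy(buf, input, len + 1);    /* len + 1 includes the terminating NUL */
    memcpy(out, buf, len + 1);
    return 0;
}

/* Class 2: use-after-free (memory is freed, then reached through a stale pointer).
 * Vulnerable pattern:  free(s); ... return s->id;
 * Hardened form: release through a helper that clears the owner's pointer,
 * and have every use check for NULL. This only covers the pointer passed in;
 * other aliases of the same allocation still need their own lifetime rules. */
struct session { int id; };

void session_release(struct session **s) {
    free(*s);
    *s = NULL;
}

int session_id(const struct session *s) {
    return s ? s->id : -1;
}

/* Returns 1 when the id is readable before release and refused after it. */
int demo_session(void) {
    struct session *s = malloc(sizeof(*s));
    if (!s) return -2;
    s->id = 7;                      /* constructed sample value */
    int before = session_id(s);
    session_release(&s);
    int after = session_id(s);      /* s is NULL here, so no freed memory is read */
    return before == 7 && after == -1;
}

int main(void) {
    char out[32];
    printf("short=%d long=%d session=%d\n", copy_name("alice", out, sizeof(out)),
           copy_name("this-name-is-far-too-long", out, sizeof(out)), demo_session());
    return 0;
}
```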
There are several sources for lists of classes out there, the largest being the Common Weakness Enumeration list.