SFPM 1.0b2 FTF

SFPM_ — Clarify terminology between "weakness"/"vulnerability" and "fault"

  • Key: SFPM_-1
  • Status: closed  
  • Source: KDM Analytics (Dr. Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett March 17 2020:
    there is a further confusion between “weakness”/“vulnerability” and “fault”.
    It seems to me they are different – a plain fault (aka bug) resulting in the software not acting according to its spec is not necessarily an exploitable weakness.
    It seems to me the spec is all about weaknesses, not faults (bugs). That also ties in with the language around CWE which this spec is based on. Use of “fault” should be avoided.

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:26 GMT
  • Disposition: Resolved — SFPM 1.0b2
  • Disposition Summary:

    Define "software fault"

    Define "software fault" as a formally described fault (cause of failures, esp. cybersecurity failures) that can be identified/defined in software alone.

  • Updated: Tue, 9 Jan 2024 22:27 GMT