Example of a Classified Defect

A defect taxonomy is a fairly detailed way to collect information about a defect from different points of view, so an example classification may help clarify its usage.

Recently at Microsoft there was a security bug involving animated cursors. It was reported externally and turned out to be caused by using a size in the animated cursor structure that specified the size of a following structure. The code did not check whether the size was valid, so an invalid value could be passed in, and that could cause a buffer overflow error. The following is an explanation of the bug from Determina.com:[1]

[1] Determina Security Research, “Windows Animated Cursor Stack Overflow Vulnerability,” www.determina.com/security.research/vulnerabilities/ani-header.html ...

Get The Practical Guide to Defect Prevention now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.