Example of a Classified Defect

A defect taxonomy is a fairly detailed way to collect information about a defect from different points of view, so an example classification may help clarify its usage.

Recently at Microsoft there was a security bug involving animated cursors. It was reported externally and turned out to be caused by trusting a length field in the animated cursor file: the field specifies the size of the structure that follows it, and the code copied that many bytes into a fixed-size buffer without checking that the value was valid. An oversized value could therefore be supplied in a crafted file, and that caused a stack buffer overflow. The following is an explanation of the bug from Determina.com:[1]

[1] Determina Security Research, “Windows Animated Cursor Stack Overflow Vulnerability,” www.determina.com/security.research/vulnerabilities/ani-header.html ...
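To make the defect concrete, the following is an added example (not code from the book, from Windows, or from the Determina analysis) in C. It parses a simplified RIFF-style "anih" chunk: a four-byte tag, a little-endian length field, and a payload that is supposed to be the 36-byte fixed header. The vulnerable parser copies as many bytes as the file's length field claims; the hardened one refuses anything but the expected size. The simulated stack frame (a 36-byte header buffer followed by a stand-in canary and a stand-in saved return address, laid out as one flat object so the overflow can be observed without undefined behaviour) and the chunk contents are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ANIH_SIZE 36u   /* bytes in the fixed animated-cursor header (9 DWORDs) */

/* Simulated 32-bit stack frame of the function that reads the header (an
   assumption for illustration). hdr is the fixed buffer; the two fields after
   it stand in for whatever the real frame keeps above the buffer. Because the
   frame is one C object, writing past hdr is observable, not undefined. */
typedef struct {
    uint8_t  hdr[ANIH_SIZE];
    uint32_t canary;      /* stands in for other locals / a stack cookie */
    uint32_t saved_ret;   /* stands in for the saved return address */
} frame_t;

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Vulnerable parser: the chunk's own length field decides how many bytes go
   into the 36-byte header buffer, and nothing compares it to ANIH_SIZE.
   Returns bytes copied, or -1 for a chunk that is not an "anih" chunk. */
int parse_anih_unchecked(const uint8_t *chunk, size_t chunk_total, frame_t *f) {
    if (chunk_total < 8 || memcmp(chunk, "anih", 4) != 0)
        return -1;
    uint32_t len = rd32le(chunk + 4);        /* attacker-controlled */
    const uint8_t *src = chunk + 8;
    uint8_t *dst = (uint8_t *)f;             /* f->hdr sits at offset 0 */
    size_t avail = chunk_total - 8;
    size_t n = 0;
    /* The bounds below only keep the demo inside its own objects (the chunk
       buffer and the simulated frame). There is no check against ANIH_SIZE:
       that is the missing validation. */
    while (n < len && n < avail && n < sizeof(frame_t)) {
        dst[n] = src[n];
        n++;
    }
    return (int)n;
}

/* Hardened parser: the declared size must equal the structure size and the
   chunk must actually contain that many bytes before anything is copied. */
int parse_anih_checked(const uint8_t *chunk, size_t chunk_total, frame_t *f) {
    if (chunk_total < 8 || memcmp(chunk, "anih", 4) != 0)
        return -1;
    uint32_t len = rd32le(chunk + 4);
    if (len != ANIH_SIZE)
        return -2;                           /* bogus header size: reject */
    if (chunk_total - 8 < len)
        return -3;                           /* truncated chunk: reject */
    memcpy(f->hdr, chunk + 8, ANIH_SIZE);
    return (int)len;
}

/* Constructed test input: an "anih" chunk whose length field claims
   `claimed` bytes. Payload bytes are 'A' inside the real header, 'B' where
   the canary would be hit, 'C' where the saved return address would be hit. */
size_t build_chunk(uint8_t *out, size_t cap, uint32_t claimed) {
    if (cap < 8 + (size_t)claimed) return 0;
    memcpy(out, "anih", 4);
    wr32le(out + 4, claimed);
    for (uint32_t i = 0; i < claimed; i++)
        out[8 + i] = i < ANIH_SIZE ? 'A' : (i < ANIH_SIZE + 4 ? 'B' : 'C');
    return 8 + claimed;
}

/* Feeds an oversized chunk (44 bytes claimed) to both parsers. Returns 1 when
   the unchecked parser has overwritten the simulated return address and the
   checked parser has refused the chunk. */
int demo_overflow(void) {
    uint8_t chunk[64];
    size_t n = build_chunk(chunk, sizeof chunk, ANIH_SIZE + 8);
    frame_t a, b;
    memset(&a, 0, sizeof a);
    memset(&b, 0, sizeof b);
    int ra = parse_anih_unchecked(chunk, n, &a);
    int rb = parse_anih_checked(chunk, n, &b);
    printf("unchecked: copied %d bytes, canary=0x%08x saved_ret=0x%08x\n",
           ra, (unsigned)a.canary, (unsigned)a.saved_ret);
    printf("checked:   returned %d, saved_ret=0x%08x\n", rb, (unsigned)b.saved_ret);
    return ra == 44 && a.canary == 0x42424242u && a.saved_ret == 0x43434343u
        && rb == -2 && b.saved_ret == 0;
}

/* A well-formed chunk (36 bytes claimed) is accepted by the checked parser. */
int demo_benign(void) {
    uint8_t chunk[64];
    size_t n = build_chunk(chunk, sizeof chunk, ANIH_SIZE);
    frame_t f;
    memset(&f, 0, sizeof f);
    return parse_anih_checked(chunk, n, &f);
}

int main(void) { return demo_overflow() && demo_benign() == ANIH_SIZE ? 0 : 1; }
```

The point of the two parsers side by side is the classification the taxonomy is after: the root cause is a single missing comparison between an untrusted length and the destination size, and the consequence is that file-controlled bytes land where the stack frame keeps control data. Note that the hardened parser rejects any declared size other than exactly 36 rather than merely capping the copy; accepting a shorter header would leave part of the structure uninitialised, which is a different defect.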