SFPM
Software Fault Pattern Metamodel
One of the key steps in preventing cyber attacks is to collect, analyze and efficiently manage knowledge about exploitable weaknesses. The Common Weakness Enumeration (CWE) catalog describes a large collection of weaknesses, building upon proposals by various researchers; however, all existing classifications remain informal and resist automation. This specification describes the Software Fault Pattern (SFP) approach to building machine-consumable knowledge of software weaknesses.

In the SFP approach, weaknesses are not studied as abstract objects; instead, the approach focuses on computations that exhibit certain "faults". The objective of the SFP approach is to reveal the invariants of such computations, and to provide a framework for describing and cataloguing "faults" in terms of these invariants. This specification uses the term "software fault" to refer to an identified (adjudged or hypothesized) cause of a failure of the service performed by a piece of software under investigation. The SFP apparatus is developed to provide formal, constructive definitions for the class of software faults that can be identified in the software alone.

To describe invariants in terms of software, the SFP approach uses the ISO/OMG Knowledge Discovery Metamodel (KDM) as a language-neutral, vendor-independent vocabulary for describing software facts. With KDM as the foundation, the SFP framework provides an apparatus for formally specifying invariants of computations, and for describing and cataloguing faults as invariants of computations. The SFP apparatus involves specification of the SFP Metamodel (SFPM) and the SFPM XMI schema. SFPM XMI is a common interoperable format for representing machine-consumable content related to software faults, their formal semantics and their mappings to the elements of the Common Weakness Enumeration (CWE) catalog.
- Title: Software Fault Pattern Metamodel
- Acronym: SFPM
- Version: 1.0
- Document Status: formal
- Publication Date: August 2024
- IPR Mode: Non-Assert
Companies that have contributed to the development of this Specification
- Copyright © 2024 88solutions
- Copyright © 2024 KDM Analytics
- Copyright © 2024 MITRE
- Copyright © 2024 Objective Interface Systems
Issues associated with this specification
Issues Reported in this Specification - Version 1.0 only
Specification Documents
Normative Documents
Description | Format | URL | OMG File ID |
---|---|---|---|
Specification | | SFPM/1.0/PDF | formal/23-12-02 |
Normative Machine Readable Documents
Description | Format | URL | OMG File ID |
---|---|---|---|
SFPM XMI file | XML | SFPM/20220201/SFPM.xml | ptc/22-02-14 |
Informative Machine Readable Documents
Description | Format | URL | OMG File ID |
---|---|---|---|
SFPM Ecore file | Eclipse ecore | ptc/22-02-15.ecore | ptc/22-02-15 |
SFPM 1.0 XML schema file updated | XML Schema | ptc/22-03-02.xsd | ptc/22-03-02 |
History
Formal Versions
Version | Adoption Date | URL |
---|---|---|
1.0 | August 2024 | https://www.omg.org/spec/SFPM/1.0 |
Links
- This Document: https://www.omg.org/spec/SFPM/1.0/About-SFPM
  - RDF: https://www.omg.org/spec/SFPM/1.0/About-SFPM.rdf
  - JSON-LD: https://www.omg.org/spec/SFPM/1.0/About-SFPM.jsonld
- Latest Document: https://www.omg.org/spec/SFPM
  - RDF: https://www.omg.org/spec/SFPM/About-SFPM.rdf
  - JSON-LD: https://www.omg.org/spec/SFPM/About-SFPM.jsonld
- Members Only: https://www.omg.org/members/spec/SFPM/1.0
- Supersedes: https://www.omg.org/spec/SFPM/1.0/Beta2