Cyber Failure Modes Effects Analysis (CFMEA)

The Software Failure Modes Effects Analysis can be extended to cover the design and coding issues that effect both reliability and vulnerability. The cyber failure modes include but aren't limited to:

 

Failure mode and root cause section

 

Unit

Description

Failure mode

Root cause

Unit of code

List the affected code here

Direct access to application memory is allowed via buffer overruns

List CWE entries that pertain to each failure mode

 

Direct access to application memory is allowed via numerical overflow and calculations

Uncontrolled format strings

Unchecked inputs in web pages

Unwanted commands are injected

Inputs result in faulty security decisions

Overly broad error handling or faulty error handling

Too many security related error messages

Improper authentication

Information needed to attack the software is leaked by the software itself

Insufficient memory management

Global resources are modified without locking via timing and state issues

Generally poor coding practices

Cyber Failure Modes Effects Analysis (CFMEA)

Products

The software FMEA toolkit contains a Cyber/Vulnerability worksheet with hundreds of vulnerabilities pre-populated.

Services

The Cyber viewpoint is also provided as an expert SFMEA construction service.

Training

The software FMEA toolkit training class includes the cyber/vulnerability viewpoint.  An optional third day of class can be added for a cyber deep dive.