摘要： 针对软件脆弱性分类中分类属性的选择问题，给出软件脆弱性的基本概念，讨论分类研究的目标及属性选取的基本原则。通过对5种典型分类属性的比较和总结，归纳分类属性的类别，提出一个新的分类思路。根据目前分类研究中存在的问题，给出相应的改进措施及未来的发展方向。

关键词: 软件脆弱性, 分类属性, 分类法, 安全

Abstract: Aiming at the problems of selecting classification attributes in software vulnerability classification, this paper presents some concepts about software vulnerability, and discusses the basic principles of selecting the objects and the attributes. By comparing and summarizing five typical taxonomies, a new thought of classifying software vulnerabilities is presented. The problems in current researches are analyzed, and corresponding improvements and developing trends are given.

Key words: software vulnerability, classification attribute, taxonomy, security

中图分类号: 

• TP311.5