Cyber Failure Modes Effects Analysis (CFMEA)

The Software Failure Modes Effects Analysis can be extended to cover the design and coding issues that effect both reliability and vulnerability. The cyber failure modes include but aren't limited to:


Failure mode and root cause section




Failure mode

Root cause

Unit of code

List the affected code here

Direct access to application memory is allowed via buffer overruns

List CWE entries that pertain to each failure mode


Direct access to application memory is allowed via numerical overflow and calculations

Uncontrolled format strings

Unchecked inputs in web pages

Unwanted commands are injected

Inputs result in faulty security decisions

Overly broad error handling or faulty error handling

Too many security related error messages

Improper authentication

Information needed to attack the software is leaked by the software itself

Insufficient memory management

Global resources are modified without locking via timing and state issues

Generally poor coding practices

Cyber Failure Modes Effects Analysis (CFMEA)


The software FMEA toolkit contains a Cyber/Vulnerability worksheet with hundreds of vulnerabilities pre-populated.


The Cyber viewpoint is also provided as an expert SFMEA construction service.


The software FMEA toolkit training class includes the cyber/vulnerability viewpoint.  An optional third day of class can be added for a cyber deep dive.