Abstract: C/C++ language aims to provide high efficiency and flexibility, however, it also brings some safe holes such as memory leak, invalid pointer reference and so on at the same time， which becomes a great threaten to the security of the system. The taxonomy of computer vulnerabilities can result in an increased understanding of the nature of software vulnerabilities, which contributes to detecting and eliminating them respectively. Based on the analysis of large numbers of security vulnerabilities, this paper gives a method about how to classify the security vulnerability in the C/C++ language, which provides the basis for the construction of safe rules checker and the guidance for the development of software security.

Key words: safe hole, classification research, array overflow, memory leak