To automatically detect software bugs, understand their characteristics, and categorize them according to the evolving NIST Bugs Framework (BF), SIFT is developing ISABEL: Integrated Secure Automated Bug Extraction List. ISABEL will provide three key functions:- Using symbolic analysis and fuzz-testing tools to find inputs that trigger vulnerabilities (bugs).- Using fuzz-testing, delta-debugging, and other analyses to refine the triggering inputs.- Analyzing fault information and related code to characterize the bug and output a descriptive BF report.Our Phase I research developed a proof of concept implementation, identifying and addressing several key technical risks. We tested the robustness of the approach on thousands of test cases from NISTÂ’s Juliet test suite. In Phase II, we will extend the approach to a broader set of bug classes and improve the bug characterization methods, leading towardsa commercially viable tool for automatically understanding and characterizing software vulnerabilities. By automatically finding software flaws and characterizing them within the BF, ISABEL will help organizations improve their software quality, detecting flaws before they are deployed, and helping rapidly prioritize them for remediation.