Since early 90s, experts have proposed various ways to prevent exploitations and avoid releasing software with vulnerabilities. One way is through educating developers with information on known vulnerabilities using taxonomy of vulnerabilities as a guide. However, the guide using taxonomy of vulnerabilities has not shown to mitigate the issues. One possibility is due to the existence of gaps in producing the right and comprehensive taxonomy for software vulnerabilities. We studied various available taxonomies on software vulnerabilities. In this paper we propose and discuss our own criteria for taxonomy of software vulnerabilities with some improvement with particular emphasis on C programming.