Making Security Measurable

MITRE, in collaboration with government, industry, and academic stakeholders, is improving the measurability of security through enumerating baseline security data, providing standardized languages as means for accurately communicating the information, and encouraging the sharing of the information with users by developing repositories. This forum pulls together all the community mailing lsit archives of several related standards.
1234 ... 213
Topics (7440)
Replies Last Post Views Sub Forum
Re: [EXT] Improving CWE detection methods data by asummers
0
by asummers
CWE Research List
Attack Surface White Paper addresses use of CWE & CAPEC by Joe Jarzombek
0
by Joe Jarzombek
CWE CAPEC Board
New Release: 2020 CWE Top 25 and CWE v4.2 by asummers
0
by asummers
CWE Research List
pytm added to the CAPEC Organization Usage Page that Highlights How Vendors Are Using CAPEC by rpiazza
0
by rpiazza
Common Attack Pattern Enumeration and Classification
CISQ Automated Source Code Quality Measures with draft list of CWEs associated with Data Protection by Joe Jarzombek
0
by Joe Jarzombek
CWE CAPEC Board
CAPEC 3.3 content available expressed using the STIX standard by rpiazza
0
by rpiazza
Common Attack Pattern Enumeration and Classification
CWE/CAPEC Board Meeting Summary - Aug 4 & 6 by Andrew Buttner
0
by Andrew Buttner
CWE CAPEC Board
Standards and organizations to work with by Kurt Seifried
3
by Joe Jarzombek
CWE CAPEC Board
CAPEC Version 3.3 is Released by rpiazza
0
by rpiazza
Common Attack Pattern Enumeration and Classification
[EXT] Question about CWE Views: which IDs are members? by chorn
1
by Andrew Buttner
CWE Research List
CWE/CAPEC Board Initial Meeting by Andrew Buttner
0
by Andrew Buttner
CWE CAPEC Board
New entry added to the "CAPEC Organization Usage" page by rpiazza
0
by rpiazza
Common Attack Pattern Enumeration and Classification
CWE/CAPEC Board - Kick Off by Andrew Buttner
5
by Bill Curtis
CWE CAPEC Board
CWE 4.1 is now available!! by asummers
0
by asummers
CWE Research List
Progress on CWE-20 (Improper Input Validation) and Upcoming Changes in CWE 4.1 by Christey, Steven M.
0
by Christey, Steven M.
CWE Research List
Re: [EXT] CWE for memory safety failures? by asummers
2
by Christey, Steven M.
CWE Research List
New CWE Weakness Class: Request for Comment by asummers
3
by Christey, Steven M.
CWE Research List
Update on CWE-20 (improper input validation) and other difficult CWEs by Christey, Steven M.
10
by Jukka Ruohonen
CWE Research List
[EXT] CWE website is down - any eta on it coming back? by Kurt Seifried
11
by Steve Overland
CWE Research List
[EXT] New CWE proposed - Single Perspective Validation by Kurt Seifried
2
by Kurt Seifried
CWE Research List
[EXT] Suggestion for category 1215: Input Validation Issues by Amy Gale
3
by Amy Gale
CWE Research List
RE: [EXT] Reviving an Old Discussion: Request for CWE: Improper Licensing (UNCLASSIFIED) by Joe Jarzombek
0
by Joe Jarzombek
CWE Research List
CWE Version 4.0 is Released by Andrew Buttner
0
by Andrew Buttner
CWE Research List
CWE 4.0 Draft Software View by Andrew Buttner
0
by Andrew Buttner
CWE Research List
Draft CWE Schema 6.2 by Andrew Buttner
0
by Andrew Buttner
CWE Research List
CWE Configuration Category by Andrew Buttner
6
by Andrew Buttner
CWE Research List
CWE v4.0 Announcement by asummers
0
by asummers
CWE Research List
Adding the "Credential Stuffing" attack pattern to CAPEC by rpiazza
3
by NETWAR DEFENSE-GOV
Common Attack Pattern Enumeration and Classification
[EXT] Queries on some attacks by CODERE Carl-Eric
5
by rpiazza
Common Attack Pattern Enumeration and Classification
[EXT] CWE-1187 vs CWE-908 confusion by Amy Gale
2
by Andrew Buttner
CWE Research List
[EXT] CWE Proposal java autoboxing by J Harvey
3
by J Harvey
CWE Research List
[EXT] CWE Proposal : Blocking event-loops by J Harvey
0
by J Harvey
CWE Research List
New entry added to the "CAPEC Organization Usage" page by rpiazza
1
by rpiazza
Common Attack Pattern Enumeration and Classification
CWE Hardware Weaknesses by asummers
2
by asummers
CWE Research List
CAPEC 3.2 content available expressed using the STIX standard by rpiazza
0
by rpiazza
Common Attack Pattern Enumeration and Classification
1234 ... 213