CWE 2.8 database

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

CWE 2.8 database

andy
I am conducting research using CWE 2.8 but find the XML and the on line
HTML formats sub-optimal to work with.  Has anyone put the data into a
database? I am considering putting the data into a MySQL database but
wanted to see if anyone had already done it.

Thanks,

Andy
Reply | Threaded
Open this post in threaded view
|

RE: CWE 2.8 database

Ken Prole
Andy,

I'm not aware of any public CWE database, but you might want to check out our http://www.cwevis.org. It provides different ways to filter and search.

MITRE also provides a PDF of the CWE, which may or may not be helpful to you: https://cwe.mitre.org/data/published/cwe_v2.8.pdf.

Best regards,

- Ken

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of andy
Sent: Thursday, October 1, 2015 6:49 AM
To: [hidden email]
Subject: CWE 2.8 database

I am conducting research using CWE 2.8 but find the XML and the on line HTML formats sub-optimal to work with.  Has anyone put the data into a database? I am considering putting the data into a MySQL database but wanted to see if anyone had already done it.

Thanks,

Andy
JA
Reply | Threaded
Open this post in threaded view
|

Re: CWE 2.8 database

JA
In cade it coule be useful
https://github.com/athiasjerome/XORCISM/blob/master/XORCISMCWE/XORCISMCWE.txt

On Thursday, 1 October 2015, Ken Prole <[hidden email]> wrote:
Andy,

I'm not aware of any public CWE database, but you might want to check out our http://www.cwevis.org. It provides different ways to filter and search.

MITRE also provides a PDF of the CWE, which may or may not be helpful to you: https://cwe.mitre.org/data/published/cwe_v2.8.pdf.

Best regards,

- Ken

-----Original Message-----
From: <a href="javascript:;" onclick="_e(event, &#39;cvml&#39;, &#39;owner-cwe-research-list@lists.mitre.org&#39;)">owner-cwe-research-list@... [mailto:<a href="javascript:;" onclick="_e(event, &#39;cvml&#39;, &#39;owner-cwe-research-list@lists.mitre.org&#39;)">owner-cwe-research-list@...] On Behalf Of andy
Sent: Thursday, October 1, 2015 6:49 AM
To: <a href="javascript:;" onclick="_e(event, &#39;cvml&#39;, &#39;cwe-research-list@LISTS.MITRE.ORG&#39;)">cwe-research-list@...
Subject: CWE 2.8 database

I am conducting research using CWE 2.8 but find the XML and the on line HTML formats sub-optimal to work with.  Has anyone put the data into a database? I am considering putting the data into a MySQL database but wanted to see if anyone had already done it.

Thanks,

Andy
Reply | Threaded
Open this post in threaded view
|

Re: CWE 2.8 database

Sai Uday Shankar Korlimarla
Hi Andy,

You may find vfeed interesting. URL: https://github.com/toolswatch/vFeed

vFeed also has a CWE to CVE mapping, then CVE to CPE mapping. So if you use vfeed, you get to correlate faster i.e. CPE has CWES and CVEs. 


If you think that vfeed query scripts take in any input and are injectable, then you can use my wrapper at  https://github.com/UShan89/vfeedWarp.


Creating a database is a good option but unless you may want to forgo the correlation with CPE and CVEs. If still interested in a CWE db, I am all ears and look forward to hear from you.




Regards
Uday

On Thu, Oct 1, 2015 at 1:35 PM, Jerome Athias <[hidden email]> wrote:
In cade it coule be useful
https://github.com/athiasjerome/XORCISM/blob/master/XORCISMCWE/XORCISMCWE.txt


On Thursday, 1 October 2015, Ken Prole <[hidden email]> wrote:
Andy,

I'm not aware of any public CWE database, but you might want to check out our http://www.cwevis.org. It provides different ways to filter and search.

MITRE also provides a PDF of the CWE, which may or may not be helpful to you: https://cwe.mitre.org/data/published/cwe_v2.8.pdf.

Best regards,

- Ken

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of andy
Sent: Thursday, October 1, 2015 6:49 AM
To: [hidden email]
Subject: CWE 2.8 database

I am conducting research using CWE 2.8 but find the XML and the on line HTML formats sub-optimal to work with.  Has anyone put the data into a database? I am considering putting the data into a MySQL database but wanted to see if anyone had already done it.

Thanks,

Andy

JA
Reply | Threaded
Open this post in threaded view
|

Re: CWE 2.8 database

JA
Just a note that XORCISM comes with databases schemas and associated tools that supports and map CWE, CVE, CPE, CAPEC, OSVDB, Metasploit, ... And far more


PS: pm me if questions

Happy Research

On Thursday, 1 October 2015, Sai Uday Shankar Korlimarla <[hidden email]> wrote:
Hi Andy,

You may find vfeed interesting. URL: https://github.com/toolswatch/vFeed

vFeed also has a CWE to CVE mapping, then CVE to CPE mapping. So if you use vfeed, you get to correlate faster i.e. CPE has CWES and CVEs. 


If you think that vfeed query scripts take in any input and are injectable, then you can use my wrapper at  https://github.com/UShan89/vfeedWarp.


Creating a database is a good option but unless you may want to forgo the correlation with CPE and CVEs. If still interested in a CWE db, I am all ears and look forward to hear from you.




Regards
Uday

On Thu, Oct 1, 2015 at 1:35 PM, Jerome Athias <<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;athiasjerome@gmail.com&#39;);" target="_blank">athiasjerome@...> wrote:
In cade it coule be useful
https://github.com/athiasjerome/XORCISM/blob/master/XORCISMCWE/XORCISMCWE.txt


On Thursday, 1 October 2015, Ken Prole <<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;Ken.Prole@securedecisions.com&#39;);" target="_blank">Ken.Prole@...> wrote:
Andy,

I'm not aware of any public CWE database, but you might want to check out our http://www.cwevis.org. It provides different ways to filter and search.

MITRE also provides a PDF of the CWE, which may or may not be helpful to you: https://cwe.mitre.org/data/published/cwe_v2.8.pdf.

Best regards,

- Ken

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of andy
Sent: Thursday, October 1, 2015 6:49 AM
To: [hidden email]
Subject: CWE 2.8 database

I am conducting research using CWE 2.8 but find the XML and the on line HTML formats sub-optimal to work with.  Has anyone put the data into a database? I am considering putting the data into a MySQL database but wanted to see if anyone had already done it.

Thanks,

Andy

Tom
Reply | Threaded
Open this post in threaded view
|

Re:CWE 2.8 database

Tom
In reply to this post by andy

hi Andy,

You can get some reference from my github: https://github.com/dongshen/cwe.git.

If you need more help, please let me know.

Regards,
Tom

At 2015-10-02 01:19:55, "andy" <[hidden email]> wrote: >I am conducting research using CWE 2.8 but find the XML and the on line >HTML formats sub-optimal to work with. Has anyone put the data into a >database? I am considering putting the data into a MySQL database but >wanted to see if anyone had already done it. > >Thanks, > >Andy


 

Reply | Threaded
Open this post in threaded view
|

Re: CWE 2.8 database

andrew murren
Tom,

This looks like exactly what I was looking for, thanks. 

Andy

On Thursday, November 19, 2015, Tom <[hidden email]> wrote:

hi Andy,

You can get some reference from my github: https://github.com/dongshen/cwe.git.

If you need more help, please let me know.

Regards,
Tom

At 2015-10-02 01:19:55, "andy" <<a href="javascript:_e(%7B%7D,&#39;cvml&#39;,&#39;amurren@gmail.com&#39;);" target="_blank">amurren@...> wrote: >I am conducting research using CWE 2.8 but find the XML and the on line >HTML formats sub-optimal to work with. Has anyone put the data into a >database? I am considering putting the data into a MySQL database but >wanted to see if anyone had already done it. > >Thanks, > >Andy