Dear CWE Community,
I hope you are all in good health and spirits. I am thrilled to say that the new minor release for CWE 4.1 is now available on our website – https://cwe.mitre.org. This would not have been possible without many content suggestions from several industry stakeholders including Veracode, Trend Micro, Intel, Tortuga Logic, and Wells Fargo. Thank you all so much for contributing your time and effort to improve CWE for the wider community.
A detailed report is available that lists specific changes between Version 4.0 and Version 4.1, but below I have outlined some of the key changes.
1) Twenty-seven (27) new Hardware Design Weaknesses:
2) Two (2) new Software Development Weaknesses:
3) Refactored CWE-20: Improper Input Validation to add six (6) new children for different kinds of validation characteristics:
The Description for CWE-20 was also updated to clarify that input validation is just one technique used to ensure that inputs are shown in CWE-707: Improper Neutralization.
4) Updated 214 existing entries to add relationships for the 35 new weaknesses added in CWE Version 4.1.
Changes for the new version include the following:
As always, thank you so much for your continued support!
Alec J. Summers
Cyber Solutions Division
Group Leader, Software Assurance
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426
MITRE - Solving Problems for a Safer World
|Free forum by Nabble||Edit this page|