CWE Relationships - Better Display


CWE Relationships - Better Display

Andrew Buttner
Administrator
One of the changes that accompanied the new version 3.0 release involved how relationships are displayed on the website. A comment that we heard from many people was that the display of CWE relationships was confusing, and hence was often misunderstood. Folks didn't understand the reason for the View column, or they missed relationships that were hidden amongst a large list of OWASP/CERT relationships. To address this concern, we made two important changes to the visual display of CWEs on the website. (These don't affect the actual content.)

1) We separated out "Memberships" and placed them in their own table toward the end of the entry.

2) We created separate tables for each view that can be toggled depending on the point of view of the user. If you want to see relationships associated with Development Concepts, then show that table.  If you want to see relationships associated with Research Concepts, then show that table.

Check out the following two CWEs for examples of this:

CWE-431: Missing Handler
http://cwe.mitre.org/data/definitions/431.html

CWE-434: Unrestricted Upload of File with Dangerous Type
http://cwe.mitre.org/data/definitions/434.html

I hope you find this new approach easier to understand. Did it work? If you have other ideas, please don't hesitate to share. We are always looking for ways to improve CWE.

Thanks
Drew

---------

Andrew Buttner
The MITRE Corporation
[hidden email]
781-271-3515

To unsubscribe, send an email message to [hidden email] with SIGNOFF CWE-RESEARCH-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

Re: CWE Relationships - Better Display

Arthur Hicken
I definitely like it better.

On 11/17/17, 9:38 AM, "Buttner, Drew" <[hidden email] on behalf of [hidden email]> wrote:

    One of the changes that accompanied the new version 3.0 release involved how relationships are displayed on the website. A comment that we heard from many people was that the display of CWE relationships was confusing, and hence was often misunderstood. Folks didn't understand the reason for the View column, or they missed relationships that were hidden amongst a large list of OWASP/CERT relationships. To address this concern, we made two important changes to the visual display of CWEs on the website. (These don't affect the actual content.)
   
    1) We separated out "Memberships" and placed them in their own table toward the end of the entry.
   
    2) We created separate tables for each view that can be toggled depending on the point of view of the user. If you want to see relationships associated with Development Concepts, then show that table.  If you want to see relationships associated with Research Concepts, then show that table.
   
    Check out the following two CWEs for examples of this:
   
    CWE-431: Missing Handler
    http://cwe.mitre.org/data/definitions/431.html
   
    CWE-434: Unrestricted Upload of File with Dangerous Type
    http://cwe.mitre.org/data/definitions/434.html
   
    I hope you find this new approach easier to understand. Did it work? If you have other ideas, please don't hesitate to share. We are always looking for ways to improve CWE.
   
    Thanks
    Drew
   
    ---------
   
    Andrew Buttner
    The MITRE Corporation
    [hidden email]
    781-271-3515
   