CWE Research List

This forum is an archive for the mailing list cwe-research-list@lists.mitre.org (more options) Messages posted here will be sent to this mailing list.

CWE Research - A lightly moderated public forum to discuss CWE definitions, suggest potential definition expansion(s), and/or submit new definitions. General discussion of the vulnerabilities themselves is also welcome.
123
Topics (89)
Replies Last Post Views
CWE for backdoors by Kurt Seifried
7
by Christey, Steven M.
Request for CWE: Improper Licensing (UNCLASSIFIED) by Hood, Jonathan W CTR...
10
by Andrew Buttner
New CWE Research List Address by Andrew Buttner
0
by Andrew Buttner
CWE Version 3.1 is Released by Andrew Buttner
0
by Andrew Buttner
zero-width chars as a related CWE to CWE-1007 (Homoglyph attacks) by Kurt Seifried
0
by Kurt Seifried
CWE-125 ("Out-of-bounds Read") extended description by Will Klieber
3
by Christey, Steven M.
CWE proposal for "Improper reliance on certificate pinning" by Kurt Seifried
4
by Christey, Steven M.
Re: Proposed new CWE: Machine learning classifier vulnerable to adversarial inputs (adversarial machine learning) by Wheeler, David A
9
by Christey, Steven M.
Meltdown and Spectre by Andrew Buttner
0
by Andrew Buttner
Re: [Non-DoD Source] RE: Proposed new CWE: Machine learning classifier vulnerable to adversarial inputs (adversarial machine learning) (UNCLASSIFIED) by Hood, Jonathan W CTR...
0
by Hood, Jonathan W CTR...
CWE Relationships - Better Display by Andrew Buttner
1
by Arthur Hicken
CWE Version 3.0 is Released by Andrew Buttner
0
by Andrew Buttner
New weakness: untrusted HTML targets. HTML target= and window.open() enables easy reverse tabnabbing by Wheeler, David A
1
by Andrew Buttner
Request for comment - homophone attacks by Kurt Seifried
32
by Jeffrey Walton
Re: CWE 3.0 - quick progress update - should include CQE by Joe Jarzombek
1
by Walter Houser
CWE discussion/request for DNS related issue by Kurt Seifried
8
by Shifflett, David M [...
CWE 3.0 - quick progress update by Christey, Steven M.
0
by Christey, Steven M.
Question/Discussion about https://cwe.mitre.org/data/definitions/308.html by Kurt Seifried
1
by Kurt Seifried
Question/discussion about CWE-830: Inclusion of Web Functionality from an Untrusted Source by Kurt Seifried
0
by Kurt Seifried
Some more common programmer errors by Kurt Seifried
0
by Kurt Seifried
CWE for DNS/PTR/etc shenanigans by Kurt Seifried
0
by Kurt Seifried
CWE Schema Proposal by Andrew Buttner
1
by Andrew Buttner
Suggestions for Changes to CWE-581 (UNCLASSIFIED) by Hood, Jonathan W CTR...
5
by Hood, Jonathan W CTR...
update for https://cwe.mitre.org/data/definitions/67.html by Kurt Seifried
2
by Kurt Seifried
Request to tidy up CWE-79 / CWE-80 by Kurt Seifried
2
by Harchar, John E [US]...
Request for comment - oauth related CWEs by Kurt Seifried
0
by Kurt Seifried
CWE Version 2.11 is Released by Andrew Buttner
0
by Andrew Buttner
CWE Privacy Policy Change by Andrew Buttner
0
by Andrew Buttner
test by Robert A. Martin
1
by Charles Parker
CWE Taxonomy Mappings by Andrew Buttner
0
by Andrew Buttner
CWE Reuse vs Deprecation by Andrew Buttner
13
by Wheeler, David A
HTTPS Interception Weakens TLS Security by Jeffrey Walton
1
by Andrew Buttner
CWE - request for additional weaknesses by Christey, Steven M.
0
by Christey, Steven M.
CWE Version 2.10 is Released by Andrew Buttner
0
by Andrew Buttner
Planned Changes to the CWE Development View (CWE-699) by Christey, Steven M.
1
by Christey, Steven M.
123