CWE Research List

This forum is an archive for the mailing list cwe-research-list@lists.mitre.org (more options) Messages posted here will be sent to this mailing list.

CWE Research - A lightly moderated public forum to discuss CWE definitions, suggest potential definition expansion(s), and/or submit new definitions. General discussion of the vulnerabilities themselves is also welcome.
123
Topics (80)
Replies Last Post Views
CWE-125 ("Out-of-bounds Read") extended description by Will Klieber
0
by Will Klieber
CWE Relationships - Better Display by Andrew Buttner
1
by Arthur Hicken
CWE Version 3.0 is Released by Andrew Buttner
0
by Andrew Buttner
New weakness: untrusted HTML targets. HTML target= and window.open() enables easy reverse tabnabbing by Wheeler, David A
1
by Andrew Buttner
Request for comment - homophone attacks by Kurt Seifried
32
by Jeffrey Walton
Re: CWE 3.0 - quick progress update - should include CQE by Joe Jarzombek
1
by Walter Houser
CWE discussion/request for DNS related issue by Kurt Seifried
8
by Shifflett, David M [...
CWE 3.0 - quick progress update by Christey, Steven M.
0
by Christey, Steven M.
Question/Discussion about https://cwe.mitre.org/data/definitions/308.html by Kurt Seifried
1
by Kurt Seifried
Question/discussion about CWE-830: Inclusion of Web Functionality from an Untrusted Source by Kurt Seifried
0
by Kurt Seifried
Some more common programmer errors by Kurt Seifried
0
by Kurt Seifried
CWE for DNS/PTR/etc shenanigans by Kurt Seifried
0
by Kurt Seifried
CWE Schema Proposal by Andrew Buttner
1
by Andrew Buttner
Suggestions for Changes to CWE-581 (UNCLASSIFIED) by Hood, Jonathan W CTR...
5
by Hood, Jonathan W CTR...
update for https://cwe.mitre.org/data/definitions/67.html by Kurt Seifried
2
by Kurt Seifried
Request to tidy up CWE-79 / CWE-80 by Kurt Seifried
2
by Harchar, John E [US]...
Request for comment - oauth related CWEs by Kurt Seifried
0
by Kurt Seifried
CWE Version 2.11 is Released by Andrew Buttner
0
by Andrew Buttner
CWE Privacy Policy Change by Andrew Buttner
0
by Andrew Buttner
test by Robert A. Martin
1
by Charles Parker
CWE Taxonomy Mappings by Andrew Buttner
0
by Andrew Buttner
CWE Reuse vs Deprecation by Andrew Buttner
13
by Wheeler, David A
HTTPS Interception Weakens TLS Security by Jeffrey Walton
1
by Andrew Buttner
CWE - request for additional weaknesses by Christey, Steven M.
0
by Christey, Steven M.
CWE Version 2.10 is Released by Andrew Buttner
0
by Andrew Buttner
Planned Changes to the CWE Development View (CWE-699) by Christey, Steven M.
1
by Christey, Steven M.
Last call - Planned Changes to the CWE Development View (CWE-699) by Christey, Steven M.
0
by Christey, Steven M.
Which CWE fields do you find important? by Andrew Buttner
6
by Andrew Buttner
CWE and CAPEC Support in 2017 by Andrew Buttner
0
by Andrew Buttner
CWE 2.8 database by andy
6
by andrew murren
Wording issue in CWE-107 by G. Ann Campbell
0
by G. Ann Campbell
CWE-788: does the extended description contains a mistake ? by Roberto Martelloni
5
by Christey, Steven M.
Rationalize CWE-119 (improper buffer bound restriction) and CWE-120 (classic buffer overflow) by Wheeler, David A
4
by Pascal Meunier
CVE or CWE for using/accepting wrong CA to certify a certificate? by Jeffrey Walton
4
by Jeffrey Walton
CWE 651 by yossi
0
by yossi
123