CWE Research List

This forum is an archive for the mailing list cwe-research-list@lists.mitre.org (more options) Messages posted here will be sent to this mailing list.

CWE Research - A lightly moderated public forum to discuss CWE definitions, suggest potential definition expansion(s), and/or submit new definitions. General discussion of the vulnerabilities themselves is also welcome.
1234
Topics (111)
Replies Last Post Views
[EXT] CWE-1187 vs CWE-908 confusion by Amy Gale
2
by Andrew Buttner
[EXT] CWE Proposal java autoboxing by J Harvey
3
by J Harvey
[EXT] CWE Proposal : Blocking event-loops by J Harvey
0
by J Harvey
CWE Hardware Weaknesses by asummers
2
by asummers
CWE Version 3.4.1 Update Release by asummers
0
by asummers
2019 CWE Top 25 Most Dangerous Software Errors by asummers
0
by asummers
2019 CWE Top 25 Most Dangerous Software Errors -- Draft by asummers
0
by asummers
[EXT] CWE 98 by Erez Yalon
2
by Wojtek Andrijew
Re: [EXT] Question regarding CWE-295 and its (missing) relationships by Robin Gandhi
0
by Robin Gandhi
CWE Top 25 Most Dangerous Software Errors by asummers
1
by Tom Brennan
CWE minor release (version 3.3) by asummers
0
by asummers
[EXT] Template for submitting new CWE's by Kurt Seifried
0
by Kurt Seifried
[EXT] RE: Proposed new CWE: Machine learning classifier vulnerable to adversarial inputs (adversarial machine learning) by Wheeler, David A
1
by Joe Jarzombek
CWE Version 3.2 is Released by Andrew Buttner
0
by Andrew Buttner
[EXT] CVE for insecure use of assert? by Jeffrey Walton
0
by Jeffrey Walton
Request for CWE: Improper Licensing (UNCLASSIFIED) by Hood, Jonathan W CTR...
24
by Wheeler, David A
Upcoming CWE release to include new entries derived from CQE by Christey, Steven M.
0
by Christey, Steven M.
Question to the group by Shifflett, David M [...
1
by Lisa Young
CWE-365 "Race Condition in Switch" is not applicable to C/C++ by Fulvio Baccaglini
6
by Hood, Jonathan W CTR...
CWE-401 "Memory Leak" => Example 2 => CWE-789 "Uncontrolled Memory Allocation" by Fulvio Baccaglini
1
by Andrew Buttner
CWE-186 by G. Ann Campbell
5
by Steve Overland
CWE-495 "Private Array-Typed Field Returned From A Public Method" - C++ Example: Array vs non-Array by Fulvio Baccaglini
1
by Andrew Buttner
CWE-462 "Duplicate Key in Associative List (Alist)" - C++ Example & Automated Detection by Fulvio Baccaglini
1
by Andrew Buttner
Question about CWE-397 for the Discussion List by Fulvio Baccaglini
2
by Arthur Hicken
CWE for backdoors by Kurt Seifried
7
by Christey, Steven M.
New CWE Research List Address by Andrew Buttner
0
by Andrew Buttner
CWE Version 3.1 is Released by Andrew Buttner
0
by Andrew Buttner
zero-width chars as a related CWE to CWE-1007 (Homoglyph attacks) by Kurt Seifried
0
by Kurt Seifried
CWE-125 ("Out-of-bounds Read") extended description by Will Klieber
3
by Christey, Steven M.
CWE proposal for "Improper reliance on certificate pinning" by Kurt Seifried
4
by Christey, Steven M.
Re: Proposed new CWE: Machine learning classifier vulnerable to adversarial inputs (adversarial machine learning) by Wheeler, David A
10
by Christey, Steven M.
Meltdown and Spectre by Andrew Buttner
0
by Andrew Buttner
CWE Relationships - Better Display by Andrew Buttner
1
by Arthur Hicken
CWE Version 3.0 is Released by Andrew Buttner
0
by Andrew Buttner
New weakness: untrusted HTML targets. HTML target= and window.open() enables easy reverse tabnabbing by Wheeler, David A
1
by Andrew Buttner
1234