CWE Research List

This forum is an archive for the mailing list cwe-research-list@lists.mitre.org (more options) Messages posted here will be sent to this mailing list.

CWE Research - A lightly moderated public forum to discuss CWE definitions, suggest potential definition expansion(s), and/or submit new definitions. General discussion of the vulnerabilities themselves is also welcome.
123
Topics (97)
Replies Last Post Views
Question to the group by Shifflett, David M [...
1
by Lisa Young
RE: [Non-DoD Source] Re: CWE-365 "Race Condition in Switch" is not applicable to C/C++ (UNCLASSIFIED) by Hood, Jonathan W CTR...
3
by Hood, Jonathan W CTR...
CWE-365 "Race Condition in Switch" is not applicable to C/C++ by Fulvio Baccaglini
2
by Fulvio Baccaglini
CWE-401 "Memory Leak" => Example 2 => CWE-789 "Uncontrolled Memory Allocation" by Fulvio Baccaglini
1
by Andrew Buttner
Request for CWE: Improper Licensing (UNCLASSIFIED) by Hood, Jonathan W CTR...
23
by Christey, Steven M.
CWE-186 by G. Ann Campbell
5
by Steve Overland
CWE-495 "Private Array-Typed Field Returned From A Public Method" - C++ Example: Array vs non-Array by Fulvio Baccaglini
1
by Andrew Buttner
CWE-462 "Duplicate Key in Associative List (Alist)" - C++ Example & Automated Detection by Fulvio Baccaglini
1
by Andrew Buttner
Question about CWE-397 for the Discussion List by Fulvio Baccaglini
2
by Arthur Hicken
CWE for backdoors by Kurt Seifried
7
by Christey, Steven M.
New CWE Research List Address by Andrew Buttner
0
by Andrew Buttner
CWE Version 3.1 is Released by Andrew Buttner
0
by Andrew Buttner
zero-width chars as a related CWE to CWE-1007 (Homoglyph attacks) by Kurt Seifried
0
by Kurt Seifried
CWE-125 ("Out-of-bounds Read") extended description by Will Klieber
3
by Christey, Steven M.
CWE proposal for "Improper reliance on certificate pinning" by Kurt Seifried
4
by Christey, Steven M.
Re: Proposed new CWE: Machine learning classifier vulnerable to adversarial inputs (adversarial machine learning) by Wheeler, David A
9
by Christey, Steven M.
Meltdown and Spectre by Andrew Buttner
0
by Andrew Buttner
Re: [Non-DoD Source] RE: Proposed new CWE: Machine learning classifier vulnerable to adversarial inputs (adversarial machine learning) (UNCLASSIFIED) by Hood, Jonathan W CTR...
0
by Hood, Jonathan W CTR...
CWE Relationships - Better Display by Andrew Buttner
1
by Arthur Hicken
CWE Version 3.0 is Released by Andrew Buttner
0
by Andrew Buttner
New weakness: untrusted HTML targets. HTML target= and window.open() enables easy reverse tabnabbing by Wheeler, David A
1
by Andrew Buttner
Request for comment - homophone attacks by Kurt Seifried
32
by Jeffrey Walton
Re: CWE 3.0 - quick progress update - should include CQE by Joe Jarzombek
1
by Walter Houser
CWE discussion/request for DNS related issue by Kurt Seifried
8
by Shifflett, David M [...
CWE 3.0 - quick progress update by Christey, Steven M.
0
by Christey, Steven M.
Question/Discussion about https://cwe.mitre.org/data/definitions/308.html by Kurt Seifried
1
by Kurt Seifried
Question/discussion about CWE-830: Inclusion of Web Functionality from an Untrusted Source by Kurt Seifried
0
by Kurt Seifried
Some more common programmer errors by Kurt Seifried
0
by Kurt Seifried
CWE for DNS/PTR/etc shenanigans by Kurt Seifried
0
by Kurt Seifried
CWE Schema Proposal by Andrew Buttner
1
by Andrew Buttner
Suggestions for Changes to CWE-581 (UNCLASSIFIED) by Hood, Jonathan W CTR...
5
by Hood, Jonathan W CTR...
update for https://cwe.mitre.org/data/definitions/67.html by Kurt Seifried
2
by Kurt Seifried
Request to tidy up CWE-79 / CWE-80 by Kurt Seifried
2
by Harchar, John E [US]...
Request for comment - oauth related CWEs by Kurt Seifried
0
by Kurt Seifried
CWE Version 2.11 is Released by Andrew Buttner
0
by Andrew Buttner
123