During the summer, MITRE pored over CWE with a fine-toothed comb. We
examined every single node in draft 6. We've identified hundreds of
small changes, dozens of large changes, and a handful of systemic
issues that require community discussion. We've identified potential
stakeholders and use-cases to help us try to get a handle on these
Over the next couple of weeks, we will be actively soliciting the CWE
Researcher Community for feedback on these "Systemic issues," which
have the greatest impact on the future direction of CWE. After
sufficient community review, MITRE will make the final decisions about
the best way to proceed, and modify CWE accordingly.
We want to make substantial progress this month. Given this short
time frame, it's impossible to cover all the issues surrounding CWE.
So, during September, we will focus our discussions on a couple of the
Systemic issues, define some alternate views into CWE, update the
schema, and make other high-priority changes. After October 2, we'll
publish draft 7, and we'll continue to engage the community as we
consider other substantive changes in the upcoming months.
The bulk of the discussions will take place on this mailing list,
which will be publicly archived.
Later this week, we will create a new section on the CWE web site.
This section will include descriptions of the Systemic issues, the
stakeholders and use-cases we've defined, a plan for the upcoming
months, and other supporting documentation. Once this section is
public, we'll begin discussion on this list.
We appreciate all the feedback that we've received since CWE's
inception. We anticipate some lively debates over the coming months,
and we expect that your participation will produce significant
improvements to CWE.
CWE Technical Lead
CWE Program Manager
and the CWE Content Team:
Sean Barnum, Cigital
Conor Harris, MITRE
Bill Heinbockel, MITRE
Janis Kenderdine, MITRE