CWE Version 1.6 Now Available

Steven M. Christey-2
CWE Version 1.6 [1] has been posted on the CWE List page. A detailed
report [2] is available that lists specific changes between Version 1.5
and Version 1.6.

The main changes include: (1) creation of 4 new entries with no entries
deprecated; (2) cleanup of the general-purpose Other_Notes field in 84
entries, which typically moved content into other more relevant fields
within those entries, especially Common_Consequences; (3) modified
descriptions for 49 entries stemming from the Other_Notes modification and
continued efforts to establish a common vocabulary; (4) promotion of three
entries from "Draft" to "Usable" status; and (5) updated relationships for
50 entries, including a partial restructuring of CWE-119 to better handle
closely-related buffer-overflow concepts. There were no schema changes in
this version.

The new entries are:

CWE-786 Access of Memory Location Before Start of Buffer
CWE-787 Out-of-bounds Write
CWE-788 Access of Memory Location After End of Buffer
CWE-789 Uncontrolled Memory Allocation

The "Stakeholder Field Priorities" document [3] has been modified to
reflect additional stakeholders, new CWE fields, and changing priorities.
The CWE/SANS Top 25 document has been updated to reflect the latest
changes in names and attack patterns. PDF documents have been updated to
display graphs of views such as the Research View (CWE-1000) and the
Development View (CWE-699), and a "Printable CWE" document lists all of
the entries in CWE.

Please send any comments or concerns to [hidden email], or post them to
this list.

Regards,
Steve Christey
CWE Technical Lead


[1] http://cwe.mitre.org/data/index.html
[2] http://cwe.mitre.org/data/reports.html
[3] http://cwe.mitre.org/data/reports/stakeholder_field_priorities.html