The new release of CWE (version 2.10) is now posted on the website. The bulk of the changes focused on the reorganization of higher-level entries in the Development Concepts View (CWE-699) in order to simplify navigation and reduce near-duplicate relationships. Thank you to all of you that help with this via our discussions on this email list.
We were also able to add one new weakness (CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag) to help fill a gap in coverage. A full description of the changes can be found in the detailed different report.
In addition to the updated list, we made an attempt to streamline site navigation for an improved user experience. The main navigation menu is now located in an easy-to-access menu bar at the top of every page, with Section Contents menus for each section of the website just below the new main menu. As a side benefit, the site looks sharp on mobile platforms!
The main CWE List page has also been streamlined for ease-of-use and contains four main sections. Our goal with this was to simplify the choices that users need to make without removing any of the functionality or available content. I hope you find this new design an improvement.
Although a new version is available, our work is not complete. During the coming months we will turn our attention to improving existing weakness entries and filling in additional gaps. We will be asking for your help in this process. A discussion thread on this topic will be started shortly.
Thank you again to all that have helped. We are excited that CWE is moving forward and we will do our best to build on this momentum.