CWE Version 2.11 is Released


Andrew Buttner

A new minor release of CWE (version 2.11) is now posted on the website. This version continued with the reorganization of the Development Concepts View (CWE-699), specifically related to the relationship of CWE-20 (Improper Input Validation) and other traversal, injection, and overflow type weaknesses.  These are now set as CanPrecede/CanFollow relationships instead of parent/child relationships.

A number of smaller items were also addressed including fixes to some demonstrative examples, summaries, and related attack patterns.

Two weaknesses were deprecated with this release as both were redundant concepts that are covered by other existing weaknesses.

CWE-545: Use of Dynamic Class Loading
CWE-592: Authentication Bypass Issues

A full description of the changes can be found in the detailed difference report.

Thank you again to all that have helped. We are excited about the progress that is being made and hope to continue it in the coming months.

Thank you,


Andrew Buttner
The MITRE Corporation