CWE Version 3.2 is Released

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

CWE Version 3.2 is Released

Andrew Buttner

A new minor release of CWE (version 3.2) is now posted on the website. This
version focused on the following:

1) Adding quality issues that only indirectly make it easier to introduce a
vulnerability and/or make the vulnerability more difficult to detect or
mitigate. See the new view CWE-1040: Quality Weaknesses with Indirect Security

2) Adding a new view that maps CWE to the Consortium for IT Software Quality
(CISQ) Automated Quality Characteristic Measures released in 2016.

3) Adding a new weakness created to address a gap recently raised by community

CWE-1073: Improper Use of Validation Framework

4) Updating the views and categories associated with the Software Engineering
Institute (SEI) Computer Emergency Response Team (CERT) Coding Standards.

A number of other small changes to improve descriptions and relationships were
also made. A full description of the changes can be found in the detailed
different report.

Thank you,


Andrew Buttner
The MITRE Corporation
[hidden email]

smime.p7s (6K) Download Attachment