CWE Version 3.2 is Released

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CWE Version 3.2 is Released

Andrew Buttner
Administrator
All,

A new minor release of CWE (version 3.2) is now posted on the website. This
version focused on the following:

1) Adding quality issues that only indirectly make it easier to introduce a
vulnerability and/or make the vulnerability more difficult to detect or
mitigate. See the new view CWE-1040: Quality Weaknesses with Indirect Security
Impacts

http://cwe.mitre.org/data/definitions/1040.html

2) Adding a new view that maps CWE to the Consortium for IT Software Quality
(CISQ) Automated Quality Characteristic Measures released in 2016.

https://cwe.mitre.org/data/definitions/1128.html

3) Adding a new weakness created to address a gap recently raised by community
members:

CWE-1073: Improper Use of Validation Framework

4) Updating the views and categories associated with the Software Engineering
Institute (SEI) Computer Emergency Response Team (CERT) Coding Standards.

A number of other small changes to improve descriptions and relationships were
also made. A full description of the changes can be found in the detailed
different report.

http://cwe.mitre.org/data/reports/diff_reports/v3.1_v3.2.html

Thank you,
Drew

---------

Andrew Buttner
The MITRE Corporation
[hidden email]
781-271-3515


smime.p7s (6K) Download Attachment