CWE Version 4.0 is Released


Andrew Buttner

A new major version of CWE (version 4.0) is now posted on the website.

The primary focus of this major release is the expansion of CWE into
hardware-related issues. A new "Hardware Design" view has been created,
which organizes weaknesses around concepts that are frequently used or
encountered in hardware design. There are 12 new categories included in this
view, and 31 weaknesses within these categories. This view represents an
exciting step forward for CWE, and is the result of significant community
collaboration with Intel, Tortuga Logic, and members of the CWE Research
List. This view is by no means complete, and we hope to continue to work
with the community and expand it over the coming year.

CWE 4.0 also includes a completely refactored "Software Development" view,
which was created by combining content from the previous Architecture
Concepts and Development Concepts views. This view's overall appearance and
structure have been simplified, reducing the number of relationships. It is
expected that this change will make the view more useful to a wider
audience. Weaknesses are grouped by categories that are familiar to software
development, and each category provides a single flat list of weaknesses.

For those that rely on the complex relationships linking together weaknesses
at different levels of abstraction, the existing "Research Concepts" view
remains mostly unchanged from previous versions of CWE. The only major
difference with this view is that the top level weaknesses are now called
"Pillars".  This term was actually around in previous versions of CWE, but
was not formally used. Some minor changes/corrections to the relationships
were also made.

Another change that is part of CWE 4.0 is a new "Filter View" feature that
is being tested as a way to customize CWE classification trees. This new
filter allows you to refine which content you want to see when exploring the
graph associated with a certain view. The Filter View feature is currently
available for the Software Development, Hardware Design, and Research
Concepts views.

More details about all of these changes can be found in the related articles
posted to the CWE news page:

Going forward, the CWE Team will continue to work with the community to
expand the Hardware Design view, as well as continue to improve the existing
software-related weaknesses. As always, we welcome comments from the CWE
Community, and hope that we are providing a source of information that is



Andrew Buttner
The MITRE Corporation
[hidden email]
