CWE minor release (version 3.3)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CWE minor release (version 3.3)

asummers
Administrator

All,

 

A new minor release of CWE (version 3.3) is now posted on the website. CWE 3.3 has 1 new view, 1 updated view with 2 new entries, and 2 deprecated entries. In all, 238 entries had major changes to relationship, references, names, fields, and descriptions.

 

This version focused on the following:

 

  1. Updating the CWE-1003: Weaknesses for Simplified Mapping of Published Vulnerabilities view, which may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such as the U.S. National Vulnerability Database (NVD); and adding 2 new weaknesses related to CWE-1003, CWE-1187: Use of Uninitialized Resource, which occurs when a resource has not been properly initialized and the software may behave unexpectedly, and CWE-1188: Insecure Default Initialization of Resource, which occurs when the software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

 

http://cwe.mitre.org/data/definitions/1003.html

https://nvd.nist.gov/

http://cwe.mitre.org/data/definitions/1187.html

https://cwe.mitre.org/data/definitions/1188.html

  1. Adding 1 new view, CWE-1178: Weaknesses Addressed by the SEI CERT Perl Coding Standard, which identifies weaknesses in Perl that may be fully or partially prevented by following the SEI CERT Perl Coding Standard

 

http://cwe.mitre.org/data/definitions/1178.html

 

There were no schema changes.

 

Thank you,

Alec

 

 

-- 

Alec J. Summers

Cyber Solutions

Trust and Assurance Cyber Tech

(781) 271-6970

 

signature_1091456521


smime.p7s (6K) Download Attachment