CWE minor release (version 3.3)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

CWE minor release (version 3.3)




A new minor release of CWE (version 3.3) is now posted on the website. CWE 3.3 has 1 new view, 1 updated view with 2 new entries, and 2 deprecated entries. In all, 238 entries had major changes to relationship, references, names, fields, and descriptions.


This version focused on the following:


  1. Updating the CWE-1003: Weaknesses for Simplified Mapping of Published Vulnerabilities view, which may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such as the U.S. National Vulnerability Database (NVD); and adding 2 new weaknesses related to CWE-1003, CWE-1187: Use of Uninitialized Resource, which occurs when a resource has not been properly initialized and the software may behave unexpectedly, and CWE-1188: Insecure Default Initialization of Resource, which occurs when the software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

  1. Adding 1 new view, CWE-1178: Weaknesses Addressed by the SEI CERT Perl Coding Standard, which identifies weaknesses in Perl that may be fully or partially prevented by following the SEI CERT Perl Coding Standard


There were no schema changes.


Thank you,





Alec J. Summers

Cyber Solutions

Trust and Assurance Cyber Tech

(781) 271-6970



smime.p7s (6K) Download Attachment