CWE v4.0 Announcement

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

CWE v4.0 Announcement


Dear CWE Research Community,


Happy New Year! I hope you are all well.


We are thrilled to announce a new upcoming release for CWE, version 4.0. This will include a number of big changes that we are really excited about sharing with you, including a restructuring of content to combine the Architecture and Development views (more on that to come in a separate email update) as well as the addition of content in a brand new view focused on hardware design. Version 4.0 will be released towards the end of February.


For the past several months, the CWE team has been working alongside community stakeholders to enumerate hardware design weaknesses and incorporate them into the CWE corpus. While we are not yet ready to share all of this work just yet, we can share the Hardware Design view high level categories today:


·         Manufacturing and Life Cycle Management Concerns

·         Security Flow Issues

·         Integration Issues

·         Privilege Separation & Access Control Issues

·         General Circuit & Logic Design Concerns

·         Core and Compute Issues

·         Memory and Storage Issues

·         Interconnect Problems

·         Peripherals and Interface/IO Problems

·         Security Primitives and Cryptography Issues

·         Power, Clock and Reset Concerns

·         Debug and Test Problems

·         Cross-cutting Problems

As always, we would love to hear your thoughts and comments, especially if you have ideas for specific hardware weaknesses to include in these categories. Starting today, you can use our new submission template document to share your suggestions. To view the new guidelines for submitting any CWE content (software or hardware weaknesses), please visit the following page:


Thank you for your continued support of the CWE project and we look forward to hearing from you.






Alec J. Summers

Cyber Solutions Division

Group Leader, Software Assurance

Cyber Security Engineer, Lead

O: (781) 271-6970

C: (781) 496-8426




MITRE - Solving Problems for a Safer World



smime.p7s (6K) Download Attachment