[EXT] CWE-1187 vs CWE-908 confusion

[EXT] CWE-1187 vs CWE-908 confusion

Amy Gale

Both these IDs have the same Name "Use of Uninitialized Resource" and nearly the same Descriptions ("The software uses a resource that has not been properly initialized." vs "The software uses or accesses a resource that has not been initialized."), although completely disjoint sets of relationships with other IDs.


I am confused about which of these I should be using to categorize relevant bugs. Both?


Amy Gale

GrammaTech, Inc.


The information contained in this e-mail and any attachments from GrammaTech, Inc may contain confidential and/or proprietary information, and is intended only for the named recipient to whom it was originally addressed. If you are not the intended recipient, any disclosure, distribution, or copying of this e-mail or its attachments is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately by return e-mail and permanently delete the e-mail and any attachments.

Re: [EXT] CWE-1187 vs CWE-908 confusion

Steve Overland
I agree they seem like they are duplicates.

908 has better details so I would reference that one:


On Tue, Nov 12, 2019 at 5:55 AM Amy Gale <[hidden email]> wrote:

Both these IDs have the same Name "Use of Uninitialized Resource" and nearly the same Descriptions ("The software uses a resource that has not been properly initialized." vs "The software uses or accesses a resource that has not been initialized."), although completely disjoint sets of relationships with other IDs.


I am confused about which of these I should be using to categorize relevant bugs. Both?


Amy Gale

GrammaTech, Inc.



RE: [EXT] CWE-1187 vs CWE-908 confusion

Andrew Buttner
Administrator
In reply to this post by Amy Gale

Thank you for pointing this out.  Unfortunately these are duplicate entries and we will deprecate (i.e., remove) one of them in the next release.  Looking at the two entries, CWE-908 is the "original" entry and should be used going forward.  CWE-1187 was added when we enhanced CWE to cover quality issues.  We had tried to not create duplicates but obviously missed this one.  We should have just referenced CWE-908 instead.

 

We will be fixing the content of CWE-908 as some of the details and relationships in CWE-1187 are more complete and correct.

 

There is no timeline for this next release, but expect it to be sometime after the new year and to include a number of corrections and enhancements including the addition of hardware related CWEs.

 

Thanks

Drew

 

 

From: Amy Gale <[hidden email]>
Sent: Monday, November 11, 2019 11:04 AM
To: CWE Research Discussion <[hidden email]>
Subject: [EXT] CWE-1187 vs CWE-908 confusion

 

Both these IDs have the same Name "Use of Uninitialized Resource" and nearly the same Descriptions ("The software uses a resource that has not been properly initialized." vs "The software uses or accesses a resource that has not been initialized."), although completely disjoint sets of relationships with other IDs.

 

I am confused about which of these I should be using to categorize relevant bugs. Both?

 

Amy Gale

GrammaTech, Inc.

