[EXT] Template for submitting new CWE's

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[EXT] Template for submitting new CWE's

Kurt Seifried
So I looked through the schema (top of https://cwe.mitre.org/about/documents.html) is there an actual schema definition for XML/JSON versions of this data? I have about 20 CWE's candidates to submit and I'd like to make some structured entries or at least well formatted entries, share them (e.g. in google drive) and let people comment/etc so we don't get crazy email threads. A quick look at some entries (can MITRE supply a list of the possible values, see the TODO entries?):

Description - 1 sentence


Extended Description - Details


Relationships - other CWEs/etc it is related to


Modes of introduction:


Phase: TODO: find list of phases


Applicable Platforms:

Languages

Paradigms

Technologies

TODO: find list of platforms


Common Consequences:

Scope and Impact

Todo: find a list of scopes and impacts


Likelihood Of Exploit:

High (other values?)


Demonstrative Examples:

Example 1, etc.


Potential Mitigations:

Phases: TODO get full list of Phases

Phase: Architecture and Design

Phase: Implementation; Architecture and Design

Phases: Architecture and Design; Implementation

Phase: Operation

Phases: Operation; Implementation


Memberships:

Nature / Type / ID / Name


Notes:

TODO: list of all notes

Applicable Platform

Relationship


--
Kurt Seifried
[hidden email]