Re: [EXT] Improving CWE detection methods data


asummers
Administrator

Chris,

Thanks for your note. This is great stuff. Coincidentally, the “detection methods” of our schema is one that we had identified for strengthening throughout the corpus. We recently expanded the scope of the project to include hardware-relevant weaknesses, and we had noticed that this is an important but sometimes inconsistently-populated schema element.

I’d love to touch base with you on this further. Please let me know if you and your team have time over the next couple weeks to support an initial conversation on this with some CWE team members.

 

Cheers,

Alec

 

-- 

Alec J. Summers

Cyber Solutions Innovation Center

Group Leader, Software Assurance

Cyber Security Engineer, Lead

O: (781) 271-6970

C: (781) 496-8426

––––––––––––––––––––––––––––––––––––

MITRE - Solving Problems for a Safer World

 

 

From: Chris Horn <[hidden email]>
Organization: Secure Decisions, a division of Applied Visions, Inc.
Date: Tuesday, August 25, 2020 at 3:33 PM
To: <[hidden email]>
Cc: Trevor Bidhadar <[hidden email]>, Lucja Kot <[hidden email]>
Subject: [EXT] Improving CWE detection methods data

 

All,

We suggest that MITRE could enrich the CWE taxonomy's weakness "detection methods" data using claimed weakness coverage from static analyzers. One value of these data is giving individuals and organizations a menu of options that can be used to improve their software development pipelines and increase their ability to detect software weaknesses.

In the process of developing Kompar, under contract with DHS S&T, Secure Decisions has curated claimed weakness coverage information for over 15 different static software analyzers. We categorize claimed weakness coverage using the CWE taxonomy; this information could be used to enhance the CWE taxonomy. 

Please see the attached document for more details.

Please let us know what you think,
Chris

-- 
w (518) 207-3111
m (703) 407-7389
https://securedecisions.com
PGP fingerprint EBD0 41C6 0CD1 3583 C7F2 E252 5350 DDE1 87C6 FE31