Re: [EXT] Improving CWE detection methods data





Thanks for your note. This is great stuff. Coincidentally, the “detection methods” of our schema is one that we had identified for strengthening throughout the corpus. We recently expanded the scope of the project to include hardware-relevant weaknesses, and we had noticed that this is an important but sometimes inconsistently-populated schema element.

I’d love to touch base with you on this further. Please let me know if you and your team have time over the next couple weeks to support an initial conversation on this with some CWE team members.






Alec J. Summers

Cyber Solutions Innovation Center

Group Leader, Software Assurance

Cyber Security Engineer, Lead

O: (781) 271-6970

C: (781) 496-8426


MITRE - Solving Problems for a Safer World



From: Chris Horn <[hidden email]>
Organization: Secure Decisions, a division of Applied Visions, Inc.
Date: Tuesday, August 25, 2020 at 3:33 PM
To: <[hidden email]>
Cc: Trevor Bidhadar <[hidden email]>, Lucja Kot <[hidden email]>
Subject: [EXT] Improving CWE detection methods data



We suggest that MITRE could enrich the CWE taxonomy's weakness "detection methods" data using claimed weakness coverage from static analyzers. One value of these data is giving individuals and organizations a menu of options that can be used to improve their software development pipelines and increase their ability to detect software weaknesses.

In the process of developing Kompar, under contract with DHS S&T, Secure Decisions has curated claimed weakness coverage information for over 15 different static software analyzers. We categorize claimed weakness coverage using the CWE taxonomy; this information could be used to enhance the CWE taxonomy. 

Please see the attached document for more details.

Please let us know what you think,

w (518) 207-3111
m (703) 407-7389
PGP fingerprint EBD0 41C6 0CD1 3583 C7F2 E252 5350 DDE1 87C6 FE31