News no image

Published on June 8th, 2012 | by MaxiSoler


CWE v2.2 – Common Weakness Enumeration Released

Common Weakness Enumeration. A community-Developed Dictionary of Software Weakness Types.

The Common Weakness Enumeration (CWE™) is a list of software weaknesses. Creating the list is a community initiative. Together, these organizations and any others that wish to join the effort, are creating specific and succinct definitions for each of the elements in the CWE List. By leveraging the widest possible group of interests and talents we hope to ensure that the CWE elements are adequately described and differentiated.

Changelog v2.2

CWE Version 2.2 has been posted on the CWE List page. A detailed report is available that lists specific changes between Version 2.1 and Version 2.2.

The main changes include:
(1) creation of 23 new entries for two new views: CWE cross-section and Software Fault Patterns;
(2) updates for demonstrative examples in 118 entries, and observed examples in 72 entries;
(3) improvements to common consequences in 85 entries, improving support of Common Weakness Scoring System (CWSS™) and Common Weakness Risk Analysis Framework (CWRAF™);
(4) Common Attack Pattern Enumeration and Classification (CAPEC™) updates for 78 entries;
(5) 95 taxonomy mapping modifications to reflect the various CERT secure coding standards;
(6) additional references for 192 entries. In all, 683 entries were modified.

There were no schema modifications for this version.

PDF documents have been updated to display graphs of views such as the Research View (CWE-1000) and the Development View (CWE-699), and a “Printable CWE” document lists all of the entries in CWE.

More Information: here

Tags: , ,

About the Author

www.artssec.com @maxisoler

Back to Top ↑