cwe-research-list
Thread
Date
Messages by Thread
[EXT] CWE-640 and use of security questions?
Jeffrey Walton
CWE REST API is now available!
Common Weakness Enumeration (CWE)
CWE Version 4.15 is now available!
Common Weakness Enumeration (CWE)
Microsoft committing to CWEs
Kurt Seifried
RE: Microsoft committing to CWEs
Connor Mullaly
CWE Version 4.14 is now available!
Common Weakness Enumeration (CWE)
CWE XML Problems
Kurt Seifried
RE: [EXT] CWE XML Problems
David B Rothenberg
Re: [EXT] CWE XML Problems
Kurt Seifried
RE: [EXT] Re: [EXT] CWE XML Problems
Steven M Christey
[EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
David A. Wheeler
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
Andy Murren
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
Alec J Summers
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
Przemyslaw Roguski
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
David A. Wheeler
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
Hatfield, Arthur
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
David A. Wheeler
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
Kurt Seifried
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
David A. Wheeler
Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper)
Kurt Seifried
[EXT] RE: Request for CWE: Improper Licensing (UNCLASSIFIED)
Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
RE: Request for CWE: Improper Licensing (UNCLASSIFIED)
Steven M Christey
[EXT] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Kurt Seifried
[EXT] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Przemyslaw Roguski
[EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
[EXT] Re: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Hatfield, Arthur
[EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
Re: [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Przemyslaw Roguski
Re: [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Hatfield, Arthur
Re: [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Kurt Seifried
RE: [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED)
Steven M Christey
15 “stubborn” CWEs that have appeared in every “CWE Top 25” list since 2019 with potential mitigations
Common Weakness Enumeration (CWE)
CWE Top 25 Weaknesses Trends from 2019 through 2023 now available!
Common Weakness Enumeration (CWE)
[EXT] HW CWE introduction slides
Mohan Lal
[EXT] Fwd: 2023 CWE Top 25 “On the Cusp” list now available!
Jeffrey Walton
2023 CWE Top 25 “On the Cusp” list now available!
Common Weakness Enumeration (CWE)
CWE-295, Improper Certificate Validation, and sample code
Jeffrey Walton
CWE Version 4.11 is Now Available!
Common Weakness Enumeration (CWE)
“2023 CWE Top 25” & CWE Version 4.12 are now available!
Common Weakness Enumeration (CWE)
CWE Version 4.10 is Now Available!
Common Weakness Enumeration (CWE)
CWE/CAPEC definitions update
Alec J Summers
Re: CWE/CAPEC definitions update
Kurt Seifried
CWE/CAPEC Definitions
Alec J Summers
Re: CWE/CAPEC Definitions
SJ Jazz
Re: CWE/CAPEC Definitions
Kurt Seifried
Re: CWE/CAPEC Definitions
Joe Baum
RE: CWE/CAPEC Definitions
James Pangburn
RE: CWE/CAPEC Definitions
Schweiger, Andreas Dr.
RE: CWE/CAPEC Definitions
Paul.Wortman
RE: [External] - RE: CWE/CAPEC Definitions
Paul Anderson
RE: CWE/CAPEC Definitions
Paul Wooderson
Re: CWE/CAPEC Definitions
SJ Jazz
Re: CWE/CAPEC Definitions
Landfield, Kent
Re: CWE/CAPEC Definitions
nazar.abdul
RE: CWE/CAPEC Definitions
Rob Wissmann
Re: CWE/CAPEC Definitions
SJ Jazz
RE: CWE/CAPEC Definitions
Rob Wissmann
Re: CWE/CAPEC Definitions
Hatfield, Arthur
Re: CWE/CAPEC Definitions
Hatfield, Arthur
Re: CWE/CAPEC Definitions
SJ Jazz
Re: CWE/CAPEC Definitions
David A. Wheeler
RE: CWE/CAPEC Definitions
Steven M Christey
RE: CWE/CAPEC Definitions
Rob Wissmann
Re: CWE/CAPEC Definitions
Kurt Seifried
FW: CWE/CAPEC Definitions
Alec J Summers
Is there a CWE for this?
Kurt Seifried
RE: [Non-DoD Source] Is there a CWE for this?
Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
Re: [Non-DoD Source] Is there a CWE for this?
Kurt Seifried
RE: [Non-DoD Source] Is there a CWE for this?
Steven M Christey
Re: [Non-DoD Source] Is there a CWE for this?
Kurt Seifried
RE: [Non-DoD Source] Is there a CWE for this?
Rob Wissmann
Re: [Non-DoD Source] Is there a CWE for this?
Kurt Seifried
RE: [Non-DoD Source] Is there a CWE for this?
Steven M Christey
CWE 2022 Top 25 Now Available
Rushi B Purohit
CWE-653 name
Rob Wissmann
Re: CWE-653 name
Kurt Seifried
Re: CWE-653 name
David A. Wheeler
Re: CWE-653 name
Yacouba Bamba
Re: CWE-653 name
Yacouba Bamba
Request for Feedback: Modifications to CWE-113 (HTTP Response Splitting) and CWE-444 (HTTP Response Smuggling)
Steven M Christey
Bad loop construct
Steve Grubb
Re: Bad loop construct
Kurt Seifried
Re: Bad loop construct
Steve Grubb
Re: Bad loop construct
Kurt Seifried
RE: Bad loop construct
Steven M Christey
Re: [External] - RE: Bad loop construct
Kevin Keen
Re: [External] - RE: Bad loop construct
David A. Wheeler
Re: Bad loop construct
Steve Grubb
Re: Bad loop construct
Kurt Seifried
Re: [External] - Re: Bad loop construct
Kevin Keen
Re: [External] - Re: Bad loop construct
llianghan
RE: [EXTERNAL]: Re: [External] - Re: Bad loop construct
Mahidhara, Shravan
RE: [EXTERNAL]: Re: [External] - Re: Bad loop construct
Kevin Hale
CWE 4.7 Now Available!
Alec J Summers
Recommendation: Deprecate CWE-365: Race Condition in Switch
Steve Battista
CWE/CAPEC REST API Working Group
Alec J Summers
New CWE for DNS domain normalization/canonicalization with trailing dot
Kurt Seifried
RE: New CWE for DNS domain normalization/canonicalization with trailing dot
Steven M Christey
Re: New CWE for DNS domain normalization/canonicalization with trailing dot
Kurt Seifried
Additional case for CWE-1007 - needs another CWE?
Kurt Seifried
Time to retire CWE-262 and CWE-263
Kurt Seifried
RE: Time to retire CWE-262 and CWE-263
Steven M Christey
RE: Time to retire CWE-262 and CWE-263
Chris Eng
Re: Time to retire CWE-262 and CWE-263
G. Ann Campbell
RE: Time to retire CWE-262 and CWE-263
Larry Shields
Re: Time to retire CWE-262 and CWE-263
Kurt Seifried
Re: Time to retire CWE-262 and CWE-263
Jeffrey Walton
Re: Time to retire CWE-262 and CWE-263
Jason Dryhurst-Smith
Re: Time to retire CWE-262 and CWE-263
Jeffrey Walton
CWE Clarification: CWE-1007 and Homoglphys in Source Code
Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
RE: CWE Clarification: CWE-1007 and Homoglphys in Source Code
Steven M Christey
Re: CWE Clarification: CWE-1007 and Homoglphys in Source Code
Wojtek Andrijew
CWE 129 - Example 3
John Thomas
Cross-configuration attacks
Jeffrey Walton
Re: Cross-configuration attacks
Kurt Seifried
RE: Cross-configuration attacks
Steven M Christey
Re: Cross-configuration attacks
SebastianGanson
Re: Cross-configuration attacks
Steve Battista
RE: Cross-configuration attacks
Steven M Christey
Re: Cross-configuration attacks
Kurt Seifried
Re: Cross-configuration attacks
Kerry Crouse
[EXT] Re: Cross-configuration attacks
Fredrick Omeniho
RE: Cross-configuration attacks
John Thomas
RE: Cross-configuration attacks
Paul.Wortman
RE: Cross-configuration attacks
Kanuparthi, Arun
CWE-499 Java Questions (UNCLASSIFIED)
Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
The 2021 CWE Top 25 is now available!
Alec J Summers