cwe-research-list

Messages by Thread

[EXT] CWE-640 and use of security questions? Jeffrey Walton
CWE REST API is now available! Common Weakness Enumeration (CWE)
CWE Version 4.15 is now available! Common Weakness Enumeration (CWE)
Microsoft committing to CWEs Kurt Seifried
- RE: Microsoft committing to CWEs Connor Mullaly
CWE Version 4.14 is now available! Common Weakness Enumeration (CWE)
CWE XML Problems Kurt Seifried
- RE: [EXT] CWE XML Problems David B Rothenberg
- Re: [EXT] CWE XML Problems Kurt Seifried
- RE: [EXT] Re: [EXT] CWE XML Problems Steven M Christey
[EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) David A. Wheeler
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) Andy Murren
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) Alec J Summers
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) Przemyslaw Roguski
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) David A. Wheeler
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) Hatfield, Arthur
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) David A. Wheeler
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) Kurt Seifried
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) David A. Wheeler
- Re: [EXT] Proposal: Add "Insecure default" as a general CWE category (per "Secure-by-design" paper) Kurt Seifried
[EXT] RE: Request for CWE: Improper Licensing (UNCLASSIFIED) Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
- RE: Request for CWE: Improper Licensing (UNCLASSIFIED) Steven M Christey
- [EXT] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Kurt Seifried
- [EXT] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Przemyslaw Roguski
- [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
- [EXT] Re: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Hatfield, Arthur
- [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
- Re: [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Przemyslaw Roguski
- Re: [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Hatfield, Arthur
- Re: [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Kurt Seifried
- RE: [EXT] RE: [Non-DoD Source] Re: Request for CWE: Improper Licensing (UNCLASSIFIED) Steven M Christey
15 “stubborn” CWEs that have appeared in every “CWE Top 25” list since 2019 with potential mitigations Common Weakness Enumeration (CWE)
CWE Top 25 Weaknesses Trends from 2019 through 2023 now available! Common Weakness Enumeration (CWE)
[EXT] HW CWE introduction slides Mohan Lal
[EXT] Fwd: 2023 CWE Top 25 “On the Cusp” list now available! Jeffrey Walton
2023 CWE Top 25 “On the Cusp” list now available! Common Weakness Enumeration (CWE)
CWE-295, Improper Certificate Validation, and sample code Jeffrey Walton
CWE Version 4.11 is Now Available! Common Weakness Enumeration (CWE)
- “2023 CWE Top 25” & CWE Version 4.12 are now available! Common Weakness Enumeration (CWE)
CWE Version 4.10 is Now Available! Common Weakness Enumeration (CWE)
CWE/CAPEC definitions update Alec J Summers
- Re: CWE/CAPEC definitions update Kurt Seifried
CWE/CAPEC Definitions Alec J Summers
- Re: CWE/CAPEC Definitions SJ Jazz
- Re: CWE/CAPEC Definitions Kurt Seifried
- Re: CWE/CAPEC Definitions Joe Baum
- RE: CWE/CAPEC Definitions James Pangburn
- RE: CWE/CAPEC Definitions Schweiger, Andreas Dr.
- RE: CWE/CAPEC Definitions Paul.Wortman
- RE: [External] - RE: CWE/CAPEC Definitions Paul Anderson
- RE: CWE/CAPEC Definitions Paul Wooderson
- Re: CWE/CAPEC Definitions SJ Jazz
- Re: CWE/CAPEC Definitions Landfield, Kent
- Re: CWE/CAPEC Definitions nazar.abdul
- RE: CWE/CAPEC Definitions Rob Wissmann
- Re: CWE/CAPEC Definitions SJ Jazz
- RE: CWE/CAPEC Definitions Rob Wissmann
- Re: CWE/CAPEC Definitions Hatfield, Arthur
- Re: CWE/CAPEC Definitions Hatfield, Arthur
- Re: CWE/CAPEC Definitions SJ Jazz
- Re: CWE/CAPEC Definitions David A. Wheeler
- RE: CWE/CAPEC Definitions Steven M Christey
- RE: CWE/CAPEC Definitions Rob Wissmann
- Re: CWE/CAPEC Definitions Kurt Seifried
- FW: CWE/CAPEC Definitions Alec J Summers
Is there a CWE for this? Kurt Seifried
- RE: [Non-DoD Source] Is there a CWE for this? Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
- Re: [Non-DoD Source] Is there a CWE for this? Kurt Seifried
- RE: [Non-DoD Source] Is there a CWE for this? Steven M Christey
- Re: [Non-DoD Source] Is there a CWE for this? Kurt Seifried
- RE: [Non-DoD Source] Is there a CWE for this? Rob Wissmann
- Re: [Non-DoD Source] Is there a CWE for this? Kurt Seifried
- RE: [Non-DoD Source] Is there a CWE for this? Steven M Christey
CWE 2022 Top 25 Now Available Rushi B Purohit
CWE-653 name Rob Wissmann
- Re: CWE-653 name Kurt Seifried
- Re: CWE-653 name David A. Wheeler
- Re: CWE-653 name Yacouba Bamba
- Re: CWE-653 name Yacouba Bamba
Request for Feedback: Modifications to CWE-113 (HTTP Response Splitting) and CWE-444 (HTTP Response Smuggling) Steven M Christey
Bad loop construct Steve Grubb
- Re: Bad loop construct Kurt Seifried
- Re: Bad loop construct Steve Grubb
- Re: Bad loop construct Kurt Seifried
- RE: Bad loop construct Steven M Christey
- Re: [External] - RE: Bad loop construct Kevin Keen
- Re: [External] - RE: Bad loop construct David A. Wheeler
- Re: Bad loop construct Steve Grubb
- Re: Bad loop construct Kurt Seifried
- Re: [External] - Re: Bad loop construct Kevin Keen
- Re: [External] - Re: Bad loop construct llianghan
- RE: [EXTERNAL]: Re: [External] - Re: Bad loop construct Mahidhara, Shravan
- RE: [EXTERNAL]: Re: [External] - Re: Bad loop construct Kevin Hale
CWE 4.7 Now Available! Alec J Summers
Recommendation: Deprecate CWE-365: Race Condition in Switch Steve Battista
CWE/CAPEC REST API Working Group Alec J Summers
New CWE for DNS domain normalization/canonicalization with trailing dot Kurt Seifried
- RE: New CWE for DNS domain normalization/canonicalization with trailing dot Steven M Christey
- Re: New CWE for DNS domain normalization/canonicalization with trailing dot Kurt Seifried
Additional case for CWE-1007 - needs another CWE? Kurt Seifried
Time to retire CWE-262 and CWE-263 Kurt Seifried
- RE: Time to retire CWE-262 and CWE-263 Steven M Christey
- RE: Time to retire CWE-262 and CWE-263 Chris Eng
- Re: Time to retire CWE-262 and CWE-263 G. Ann Campbell
- RE: Time to retire CWE-262 and CWE-263 Larry Shields
- Re: Time to retire CWE-262 and CWE-263 Kurt Seifried
- Re: Time to retire CWE-262 and CWE-263 Jeffrey Walton
- Re: Time to retire CWE-262 and CWE-263 Jason Dryhurst-Smith
- Re: Time to retire CWE-262 and CWE-263 Jeffrey Walton
CWE Clarification: CWE-1007 and Homoglphys in Source Code Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
- RE: CWE Clarification: CWE-1007 and Homoglphys in Source Code Steven M Christey
- Re: CWE Clarification: CWE-1007 and Homoglphys in Source Code Wojtek Andrijew
CWE 129 - Example 3 John Thomas
Cross-configuration attacks Jeffrey Walton
- Re: Cross-configuration attacks Kurt Seifried
- RE: Cross-configuration attacks Steven M Christey
- Re: Cross-configuration attacks SebastianGanson
- Re: Cross-configuration attacks Steve Battista
- RE: Cross-configuration attacks Steven M Christey
- Re: Cross-configuration attacks Kurt Seifried
- Re: Cross-configuration attacks Kerry Crouse
- [EXT] Re: Cross-configuration attacks Fredrick Omeniho
- RE: Cross-configuration attacks John Thomas
- RE: Cross-configuration attacks Paul.Wortman
- RE: Cross-configuration attacks Kanuparthi, Arun
CWE-499 Java Questions (UNCLASSIFIED) Hood, Jonathan W CTR USARMY DEVCOM AVMC (USA)
The 2021 CWE Top 25 is now available! Alec J Summers