Discussion of Issues in CWE Draft 6
Following is a summary of the main overall issues in CWE Draft 6.
- Some "weakness" nodes are not about weaknesses. The most
noticeable are nodes that are focused on attacks (e.g. HTTP Response
Splitting, Man-in-the-Middle). CWE also has grouping nodes such as
"Authentication Issues" that might be useful for navigation but are
not weaknesses themselves.
- Abstraction Challenges. Some nodes might be broken down
into sub-nodes in ways that don't make sense to some users. Others
might be regarded as too high-level. Some nodes might be too
low-level.
- Different Perspectives. CWE nodes can be organized and
described along different perspectives, which might not be suitable
for some users.
- Usability. There are different types of users of CWE, but
its current layout and navigation are relatively limited.
- Incomplete Entries. There are numerous fields available for
CWE nodes, but many entries do not have as much detailed information
as they could, including the description and relationships.
- Vague Names or Descriptions. Some entries have names or
descriptions that do not clearly describe the issue.
Document version: 0.1 Date: September 13, 2007
This is a draft document. It is intended to support maintenance of CWE, and to educate and solicit feedback from a specific technical audience. This document does not reflect any official position of the MITRE Corporation or its sponsors. Copyright © 2007, The MITRE Corporation. All rights reserved. Permission is granted to redistribute this document if this paragraph is not removed. This document is subject to change without notice.