News & Events
MITRE Hosts CWE Booth at InfoSec World 2013
MITRE hosted a "Strengthening Cyber Defense" booth that included CWE at InfoSec World Conference & Expo 2013 at Walt Disney World Swan and Dolphin in Orlando, Florida, USA, on April 15-17, 2013.
Visit the CWE Calendar for information on this and other events.
1 Product from WebLayers, Inc. Now Registered as Officially "CWE-Compatible"
One additional information security product has achieved the final stage of MITRE’s formal CWE Compatibility Program and is now officially "CWE-Compatible." The product is now eligible to use the CWE-Compatible Product/Service logo, and a completed and reviewed "CWE Compatibility Requirements Evaluation" questionnaire is posted for the product as part of the organization’s listing on the CWE-Compatible Products and Services page on the CWE Web site. A total of 22 products to date have been recognized as officially compatible.
The following product is now registered as officially "CWE-Compatible":
Use of the official CWE-Compatible logo will allow system administrators and other security professionals to look for the logo when adopting SwA products and services for their enterprises, and the compatibility process questionnaire will help end-users compare how different products and services satisfy the CWE compatibility requirements, and therefore which specific implementations are best for their networks and systems.
For additional information about CVE compatibility and to review all products and services listed, visit the CWE Compatibility Program and CWE-Compatible Products and Services.
Conviso Application Security Makes Declaration of CWE Compatibility
Conviso Application Security declared that its vulnerability identification and management product, Conviso Security Compliance (CSC), is CWE-Compatible. For additional information about this and other compatible products, visit the CWE Compatibility and Effectiveness section.
CWE/CWRAF Briefing and Secure Coding Briefing at IEEE Secure Software Technology Conference 2013
CWE/CAPEC Program Manager Robert A. Martin presented a briefing entitled "Tagging Your Binaries with a Risk Analysis Measurement from CWE/CWRAF" and a briefing entitled "Organizing Your Secure Coding Efforts for Automation, Compliance, and Successful Risk Management" at IEEE Software Technology Conference (STC) 2013 on April 8-10, 2013 in Salt Lake City, Utah, USA.
Visit the CWE Calendar for information on this and other events.
Photos from CWE Booth at RSA 2013
MITRE hosted a "Strengthening Cyber Defense" booth that included CWE at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013.
Strengthening Cyber Defense booth photos:
Visit the CWE Calendar for information on this and other events.
1 Product from Denim Group, Ltd. Now Registered as Officially "CWE-Compatible"
One additional information security product has achieved the final stage of MITRE’s formal CWE Compatibility Program and is now officially "CWE-Compatible." The product is now eligible to use the CWE-Compatible Product/Service logo, and a completed and reviewed "CWE Compatibility Requirements Evaluation" questionnaire is posted for the product as part of the organization’s listing on the CWE-Compatible Products and Services page on the CWE Web site. A total of 21 products to date have been recognized as officially compatible.
The following product is now registered as officially "CWE-Compatible":
Use of the official CWE-Compatible logo will allow system administrators and other security professionals to look for the logo when adopting SwA products and services for their enterprises, and the compatibility process questionnaire will help end-users compare how different products and services satisfy the CWE compatibility requirements, and therefore which specific implementations are best for their networks and systems.
For additional information about CVE compatibility and to review all products and services listed, visit the CWE Compatibility Program and CWE-Compatible Products and Services.
CWE/CWRAF Briefing and Secure Coding Briefing at IEEE Secure Software Technology Conference 2013, April 8-10
CWE/CAPEC Program Manager Robert A. Martin will present a briefing entitled "Tagging Your Binaries with a Risk Analysis Measurement from CWE/CWRAF" and a briefing entitled "Organizing Your Secure Coding Efforts for Automation, Compliance, and Successful Risk Management" at IEEE Software Technology Conference (STC) 2013 on April 8-10, 2013 in Salt Lake City, Utah, USA.
The "Tagging Your Binaries with a Risk Analysis Measurement from CWE/CWRAF" briefing will discuss how Common Weakness Enumeration (CWE™) and Common Weakness Risk Analysis Framework (CWRAF™) can be used to "create ‘An Assurance Tag for Binaries’, basically an assurance "food label" for code. This talk will conclude with a discussion of what such an item could look like, what it could capture, how the information could be obtained, who would/could create them, and how they could be represented for humans and machines to use."
The "Organizing Your Secure Coding Efforts for Automation, Compliance, and Successful Risk Management" briefing will discuss the "Defense Information Systems Agency’s new application Security Recommendation Guide (SRG) for mobile apps as well as their Application Security Technical Implementation Guide and the National Institute of Standards and Technology’s App Vetting Special Publication 163. Learn about how to structure and manage your organization’s secure coding activities so you can leverage commercial assessment tools, comply with these new mandates and, more importantly, make your software less vulnerable to exploit and better prepared to perform its mission while under cyber attack."
Visit the CWE Calendar for information on this and other events.
"Measurable Software Assurance Against Expected Threats" Briefing Available as Webcast on BrightTalk.com
The "Measurable Software Assurance Against Expected Threats" briefing is now available as a webcast on BrightTalk.com. The briefing, which was presented by CWE/CAPEC Program Manager Robert A. Martin at DHS Software Assurance Summit 2013 on February 21, 2013 in Gaithersburg, Maryland, USA, includes discussion of Common Weakness Enumeration (CWE™), Common Attack Pattern Enumeration and Classification (CAPEC™), Common Weakness Scoring System (CWSS™), and Common Weakness Risk Analysis Framework (CWRAF™), and details how the "use of structured assurance case tools and methods can ease the navigation and explanation of what was done to address the weaknesses of a system for third party review and the evolution and understanding of why someone should have confidence and assurance about a system throughout its lifetime."
MITRE to Host CWE Booth at InfoSec World 2013, April 15-17
MITRE will host a "Strengthening Cyber Defense" booth that includes CWE at InfoSec World Conference & Expo 2013 at Walt Disney World Swan and Dolphin in Orlando, Florida, USA, on April 15-17, 2013. Attendees will learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.
Members of the CWE Team will be in attendance. Please stop by Booth 313 and say hello!
Visit the CWE Calendar for information on this and other events.
MITRE Hosts CWE Booth at RSA 2013
MITRE hosted a booth about "Strengthening Cyber Defense" that included CWE at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013.
Visit the CWE Calendar for information on this and other events.
CWE/CWSS/CWRAF/CAPEC Briefing at DHS Software Assurance Summit 2013
CWE/CAPEC Program Manager Robert A. Martin presented a briefing entitled "Measurable Software Assurance Against Expected Threats" at DHS Software Assurance Summit 2013 on February 21, 2013 in Gaithersburg, Maryland, USA.
The briefing included discussion of Common Weakness Enumeration (CWE), Common Attack Pattern Enumeration and Classification (CAPEC), Common Weakness Scoring System (CWSS), and Common Weakness Risk Analysis Framework (CWRAF), and details how the "use of structured assurance case tools and methods can ease the navigation and explanation of what was done to address the weaknesses of a system for third party review and the evolution and understanding of why someone should have confidence and assurance about a system throughout its lifetime."
Visit the CWE Calendar for information on this and other events.
CWE Version 2.4 Now Available
CWE Version 2.4 has been posted on the CWE List page. A detailed report is available that lists specific changes between Version 2.3 and Version 2.4.
In all, 96 entries were modified. The main changes include: (1) 11 new entries covering a variety of weaknesses; (2) significant changes to several entries, related mostly to password hashes, certificates, deserialization, and XML-related attacks; (3) name and description changes for 11 and 15 entries respectively; (4) relationship changes for 44 entries, primarily reflecting re-organization of parts of the research view; (5) mitigation updates in 36 entries; (6) updated fields to start showing links with mobile applications; and (7) updates in at least 10 entries for alternate terms, observed examples, demonstrative examples, references, and applicable platforms.
The schema was updated to version 5.3 to support tracking weaknesses related to mobile applications.
PDF documents have been updated to display graphs of views such as the Research View (CWE-1000) and the Development View (CWE-699), and a "Printable CWE" document lists all of the entries in CWE.
Future updates will be noted here and on the CWE Researcher email discussion list. Please send any comments or concerns to cwe@mitre.org.
CWE/CWSS/CWRAF/CAPEC Briefing at DHS Software Assurance Summit 2013 on February 21
CWE/CAPEC Program Manager Robert A. Martin will present a briefing entitled "Measurable Software Assurance Against Expected Threats" at DHS Software Assurance Summit 2013 on February 21, 2013 in Gaithersburg, Maryland, USA.
The briefing will include discussion of Common Weakness Enumeration (CWE), Common Attack Pattern Enumeration and Classification (CAPEC), Common Weakness Scoring System (CWSS), and Common Weakness Risk Analysis Framework (CWRAF), and detail how the "use of structured assurance case tools and methods can ease the navigation and explanation of what was done to address the weaknesses of a system for third party review and the evolution and understanding of why someone should have confidence and assurance about a system throughout its lifetime."
Visit the CWE Calendar for information on this and other events.
MITRE to Host CWE Booth at RSA 2013, February 25 – March 1
MITRE will host a booth about "Strengthening Cyber Defense" that includes CWE at RSA Conference 2013 at the Moscone Center in San Francisco, California, USA, on February 25 – March 1, 2013. Attendees will learn how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.
Members of the CWE Team will be in attendance. Please stop by Booth 2617 and say hello!
Visit the CWE Calendar for information on this and other events.
Updated CWE Introductory Flyer Now Available
The updated CWE Introductory Flyer, which is a brief two-page introduction to the CWE effort, is now available on the Documents page.
CWSS/CWRAF Introductory Flyer Now Available
The CWSS/CWRAF Introductory Flyer, which is a brief two-page introduction to the Common Weakness Scoring System (CWSS™) and Common Weakness Risk Analysis Framework (CWRAF™) efforts, is now available on the Documents page.
MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2013
MITRE has announced its initial Making Security Measurable calendar of events for 2013. Details regarding MITRE’s scheduled participation at these events are noted on the CWE Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.
Other events may be added throughout the year. Visit the CWE Calendar for information or contact cwe@mitre.org to have MITRE present a briefing or participate in a panel discussion about CWE™, CWSS™, CAPEC™, CVE®, OVAL®, CCE™, CPE™, CEE™, MAEC™, CybOX™, STIX™, TAXII™, and/or Making Security Measurable at your event.
Visit the CWE Calendar for information on this and other events.