Schema Differences between Schema Version 4.2 and Schema Version 4.3
Version 1.2 Schema File: cwe_schema_v4.2.xsd -> Version 1.7 Schema File: cwe_schema_v4.3.xsd
Minor Changes from 4.2 -> 4.2.1
Added HTML and XML to "Language_Type" enumeration.
Major Changes from 4.2 -> 4.3
Changed "Frequency" attribute across various Applicable_Platforms sub-elements to "Prevalence". This was done due to multiple, conflicting interpretations of the "Frequency" attribute. The documentation has also been updated accordingly to remove any ambiguity.
Added a subelement to Detection_Factors called "Detection_Factor_Effectiveness" which identifies how effective a particular method of detection may be for finding a weakness. The Detection_Method element was also turned into a restricted list of strings instead of free text.
In the Common_Consequences element, the Consequence_Effect element was changed to "Consequence_Note" to be consistent with the descriptive field usage throughout the rest of CWE. Additionally, the field "Consequence_Technical_Impact" was added to do a better job of highlighting specific, common impacts of a weakness. As such, the values for Consequence_Technical_Impact are limited a list of restricted strings.
In the Potential_Mitigations element, a new subelement called "Mitigation_Strategy" was added in order to capture common, general strategies that can be used to address a weakness. Additionally Mitigation_ID was moved to an attribute of each mitigation instead of its own sub-element.
ID fields were added or made to be consistent in the Mitigation, Demonstrative_Example, Reference, and Detection_Factor elements. This is primarily for future usage in minimizing the amount of text that gets duplicated and to increase maintainability of some of the fields. It will also help to proliferate common text throughout CWE.
More information is available — Please edit the custom filter or select a different filter.
|