Yes, I concur with Chris. It would be useful to highlight the associated CAPEC IDs with the respective CWEs in OWASP 2021.
Regards, -Joe - Joe Jarzombek, CSSLP Director for Government & Critical Infrastructure Programs Email: [email protected]<mailto:[email protected]> | Mobile: 703 627-4644 | https://www.synopsys.com/solutions/aerospace-defense.html [cid:[email protected]] From: Chris Eng <[email protected]> Sent: Thursday, September 9, 2021 11:25 AM To: CWE CAPEC Board <[email protected]> Subject: OWASP 2021 View I believe OWASP is releasing their new Top 10 list in a couple of weeks during their 20th anniversary event. The draft is here: https://owasp.org/Top10/<https://urldefense.com/v3/__https:/owasp.org/Top10/__;!!A4F2R9G_pg!LxUArg3uxR2YcLXTdgxW9CNZ-PoLysrgeUON3FZR8652NByEYI5TIYnTJA1xIz16PngIpQ$>. If it's not already in the plan, can we prioritize getting a CWE View created for this as soon as possible after the list is finalized? Many users and vendors rely on the CWE View to create mappings for their programs/products.
