Kurt,

Good morning, and thanks for your note. I wanted to double check with the team 
on this and was able to confirm my supposition.

As you know, some CWE entries are ‘Weaknesses’, whereas others are 
‘Categories’, and others are ‘Views’.

The CWE XML – as specified in the schema – first lists all weaknesses (under 
the <Weaknesses> element), then all categories (under the <Categories> 
element), etc.

You can confirm that CWE-2 is in the downloaded XML by doing a simple grep for 
'ID="2"' and noting that there is an element with the following line:

    <Category ID="2" Name="7PK - Environment" Status="Draft">

We have downloaded the latest cwec file using the URL that you specified and 
confirmed the existence of CWE-2.

You can use the following command line to see all the listed entries (tested on 
Red Hat Linux):

    egrep '<(Weakness|Category|View).*ID="[0-9]+"' cwec_v4.6.xml

To confirm that CWE-1 is present, try the following command:

    egrep '<(Weakness|Category|View).*ID="[0-9]+"' cwec_v4.6.xml | egrep 'ID="1"'

The total list of deprecated entries (23 weaknesses, 35 categories, and 3 views 
– total of 61) can be viewed here: 
https://cwe.mitre.org/data/definitions/604.html

Best,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426
––––––––––––––––––––––––––––––––––––
MITRE - Solving Problems for a Safer World
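
Added example, not part of the original email or of MITRE's tooling: because the file groups entries by type rather than by ID, this sketch collects weaknesses, categories and views into one map keyed by ID, tallies them by type and status, and lists the IDs that have no entry at all. The sample XML is constructed (only the CWE-2 line comes from the message), the function names are hypothetical, and it assumes every entry carries `ID` and `Status` attributes as in the line quoted above.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout the message describes: all weaknesses
# first, then all categories, then all views. Not real CWE data, apart
# from the CWE-2 attributes quoted in the message.
SAMPLE = """<Weakness_Catalog>
  <Weaknesses>
    <Weakness ID="5" Name="Constructed weakness A" Status="Draft"/>
    <Weakness ID="6" Name="Constructed weakness B" Status="Incomplete"/>
    <Weakness ID="9" Name="Constructed weakness C" Status="Deprecated"/>
  </Weaknesses>
  <Categories>
    <Category ID="2" Name="7PK - Environment" Status="Draft"/>
    <Category ID="1" Name="Constructed category" Status="Deprecated"/>
  </Categories>
  <Views>
    <View ID="7" Name="Constructed view" Status="Draft"/>
  </Views>
</Weakness_Catalog>"""

KINDS = ("Weakness", "Category", "View")

def load_entries(xml_text):
    """Map CWE ID -> (kind, status) across all three sections."""
    entries = {}
    for elem in ET.fromstring(xml_text).iter():
        kind = elem.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if kind in KINDS and elem.get("ID", "").isdigit():
            entries[int(elem.get("ID"))] = (kind, elem.get("Status"))
    return entries

def summarize(entries):
    """Count entries per (kind, status) and list IDs absent from the file."""
    counts = Counter(entries.values())
    missing = [i for i in range(1, max(entries) + 1) if i not in entries]
    return counts, missing

if __name__ == "__main__":
    entries = load_entries(SAMPLE)
    counts, missing = summarize(entries)
    for cwe_id in sorted(entries):
        print(cwe_id, *entries[cwe_id])
    print(dict(counts), "IDs with no entry:", missing)
```

To run it against a downloaded file, pass the file's contents to `load_entries` instead of `SAMPLE`.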


From: Kurt Seifried <k...@seifried.org>
Date: Tuesday, November 16, 2021 at 8:48 PM
To: CWE CAPEC Board <cwe-capec-board-list@mitre.org>
Subject: Question about the data

I just grabbed the XML data 
(https://cwe.mitre.org/data/xml/cwec_latest.xml.zip) and was looking through 
it, by ID, so from the start e.g.:

5
6
7
8
9
11
12
13
14
15
20

And some are missing, when I went and looked I got:

https://cwe.mitre.org/data/definitions/1.html
deprecated (makes sense)

https://cwe.mitre.org/data/definitions/2.html
CWE CATEGORY: 7PK - Environment

https://cwe.mitre.org/data/definitions/3.html
https://cwe.mitre.org/data/definitions/4.html
deprecated (makes sense)

I'm wondering what the deal with CWE-2 is, it's clearly not terribly useful, 
but it's.. sort of alive? Dead? Zombie?

The CWE IDs go up to 1351 and of those there are 947 live ones, does that 
sound right (so 400+ are deprecated?).

--
Kurt Seifried (He/Him)
k...@seifried.org
