I really like the mapping guidance – not sure how long these have been in place without me noticing, but I got a question about it at work the other day and it led to a good conversation.
[cid:[email protected]] Looks like I can’t make the meeting this month – I only saw 3 options listed and they were all during roughly the same timeframe. From: Alec J Summers <[email protected]> Sent: Monday, June 17, 2024 7:52 AM To: Oberg, Jason <[email protected]> Cc: CWE CAPEC Board <[email protected]> Subject: [EXTERNAL] Re: [EXT] Re: CWE Usability Work External Message Disclaimer This message originated from an external source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email. ________________________________ Thanks, Jason. Appreciate the feedback. As a reminder, here is a doodle poll for determining a monthly 1hr Board meeting series: https://doodle.com/meeting/participate/id/bqMqLG2b<https://doodle.com/meeting/participate/id/bqMqLG2b> Cheers, Alec -- Alec J. Summers Cyber Security Engineer, Principal Group Lead, Cybersecurity Operations and Integration Center for Securing the Homeland (CSH) –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World™ From: Jason Oberg <[email protected]<mailto:[email protected]>> Date: Friday, June 14, 2024 at 4:48 PM To: Alec J Summers <[email protected]<mailto:[email protected]>> Cc: CWE CAPEC Board <[email protected]<mailto:[email protected]>> Subject: [EXT] Re: CWE Usability Work Hi Alec and all, I really like the images that are in each of the mock-ups. That really helps provide quick context into whether the CWE is relevant for the CWE user without reading a lot of detail. It also looks like the proposed changes also Hi Alec and all, I really like the images that are in each of the mock-ups. That really helps provide quick context into whether the CWE is relevant for the CWE user without reading a lot of detail. It also looks like the proposed changes also move up the Common Consequences and Potential Mitigations up to the top, just after the description? I do like that reorganization as well. In terms of the next meeting, I am traveling 6/19 so unfortunately unavailable. In general, I am fine with a monthly 1 hour meeting. Thanks, Jason On Wed, Jun 12, 2024 at 8:19 AM Alec J Summers <[email protected]<mailto:[email protected]>> wrote: CWE Board Members, Good morning! I hope you are all well. As discussed in our last meeting, the team has been engaging with the CWE stakeholder community on addressing CWE usability challenges. We are currently in the process of making changes to the presentation of some CWE entries and have prepared a set of usability mockups for your review. The UEWG and the RCM WGs are the public forums for a lot of the discussions around this work. The input we have received in these forums has been invaluable and we are eager to continue this collaborative approach as we refine the presentation of CWE entries. We are sharing some mockups so you may see what changes we a proposing in response to community feedback. Please note that the content within these mockups is still actively being worked on and should be considered as drafts. Here is a quick summary of what the proposed changes entail: * Concise summary of the weakness with a visual aid. * A slight reordering of elements to be 'Alternate Terms', 'Consequences', then 'Mitigations'. * Remaining elements to follow. You can view some current examples at this URL: https://drive.google.com/drive/folders/1NqYbkZcyXE7xzIhyADFFRjHXpuKvV01Q?usp=drive_link<https://drive.google.com/drive/folders/1NqYbkZcyXE7xzIhyADFFRjHXpuKvV01Q?usp=drive_link> We would also like to discuss these mockups during our next CWE Board meeting. Also, as previously discussed, many members believe that the CWE Board should meet more regularly given the needs for the CWE Program’s continued modernization and advancement. I am proposing a shift to a monthly 1hr meeting for this purpose. Here is a doodle poll to kick things off: https://doodle.com/meeting/participate/id/bqMqLG2b<https://doodle.com/meeting/participate/id/bqMqLG2b> Cheers, Alec -- Alec J. Summers Cyber Security Engineer, Principal Group Lead, Cybersecurity Operations and Integration Center for Securing the Homeland (CSH) –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World™
