The Submission_ReleaseDate is confirmed for these CWEs and may be regarded as 
authoritative for all CWE entries from Draft 9 and later, circa April 2008. 
(Dates were added programmatically for all CWE entries within the past couple 
years.) Dates can be confirmed by looking at the diff reports at 
https://cwe.mitre.org/data/archive.html

One point of clarification: your request asked about new CWE “entries,” but it 
appears you intended to ask about <weaknesses>.  CWE “entries” include all 
items with a CWE ID, whether they are weaknesses, categories, or views. During 
the past few years, we’ve created many views and categories that are not in 
your weakness-only list below.

- Steve


From: Kurt Seifried <k...@seifried.org>
Sent: Monday, March 4, 2024 2:11 PM
To: David B Rothenberg <drothenb...@mitre.org>
Cc: Private CWE CAPEC Board <private-cwe-capec-board-l...@mitre.org>; CWE 
Research Discussion <cwe-research-list@mitre.org>
Subject: [EXT] Re: [EXT] CWE XML Problems

Ah yes, I was derping around in notepad.exe which is "helpful" (compared to 
say emacs).

Next question: with respect to the Submission_ReleaseDate is this data correct 
for the last 2 years:

ID,Name,Release Date
1204,Generation of Weak Initialization Vector (IV),2021-03-15
1333,Inefficient Regular Expression Complexity,2021-03-15
1335,Incorrect Bitwise Shift of Integer,2021-07-20
1336,Improper Neutralization of Special Elements Used in a Template Engine,2021-07-20
1339,Insufficient Precision or Accuracy of a Real Number,2021-07-20
1341,Multiple Releases of Same Resource or Handle,2021-10-28
1342,Information Exposure through Microarchitectural State after Transient Execution,2021-10-28
1351,Improper Handling of Hardware Behavior in Exceptionally Cold Environments,2021-07-20
1357,Reliance on Insufficiently Trustworthy Component,2022-04-28
1384,Improper Handling of Physical or Environmental Conditions,2022-04-28
1385,Missing Origin Validation in WebSockets,2022-04-28
1386,Insecure Operation on Windows Junction / Mount Point,2022-06-28
1389,Incorrect Parsing of Numbers with Different Radices,2022-10-13
1390,Weak Authentication,2022-10-13
1391,Use of Weak Credentials,2022-10-13
1392,Use of Default Credentials,2022-10-13
1393,Use of Default Password,2022-10-13
1394,Use of Default Cryptographic Key,2022-10-13
1395,Dependency on Vulnerable Third-Party Component,2023-01-31
1419,Incorrect Initialization of Resource,2023-10-26
1420,Exposure of Sensitive Information during Transient Execution,2024-02-29
1421,Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution,2024-02-29
1422,Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution,2024-02-29
1423,Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution,2024-02-29

e.g. that's ALL the new CWE entries, correct?




On Mon, Mar 4, 2024 at 11:58 AM David B Rothenberg <drothenb...@mitre.org> wrote:
Hi Kurt,
Thank you for reaching out. I have taken a close look at the XML zip file for 
View 699 and think I can help clarify this observation.

The attribute in question is the xsi:schemaLocation attribute. According to 
https://www.w3schools.com/xml/schema_schema.asp#:~:text=schemaLocation%20attribute,
 this attribute is in fact a two value pair representing the declared namespace 
+ schema document location. The declared namespace for CWE has historically 
been tied to the major schema version (“http://cwe.mitre.org/cwe-7”) but is 
only a symbolic representation. The document location at the top of these files 
does change with each schema release.

I believe that the line break observed is a result of your XML editor tool 
auto-wrapping long lines. When viewing the file in my editor with all line 
breaks and other symbols visible, there is nothing extra between those two 
space-delimited values. You should be able to confirm this by resizing the 
window and looking for these two values to wrap together when possible.

Let us know if you have any further questions!

Thanks,
David Rothenberg

From: Kurt Seifried <k...@seifried.org>
Sent: Monday, March 4, 2024 1:01 PM
To: Private CWE CAPEC Board <private-cwe-capec-board-l...@mitre.org>; CWE 
Research Discussion <cwe-research-list@mitre.org>
Subject: [EXT] CWE XML Problems

<?xml version="1.0" encoding="UTF-8"?>
<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7" 
xmlns:xhtml="http://www.w3.org/1999/xhtml" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="VIEW LIST: CWE-699: 
Software Development" Version="4.14" Date="2024-02-29" 
xsi:schemaLocation="http://cwe.mitre.org/cwe-7 
http://cwe.mitre.org/data/xsd/cwe_schema_v7.1.xsd">
   <Weaknesses>

should probably just be https://cwe.mitre.org/data/xsd/cwe_schema_v7.1.xsd, not 
sure why  http://cwe.mitre.org/cwe-7 with a line return is in there?

--
Kurt Seifried (He/Him)
k...@seifried.org
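
Added example, not part of the original thread and not MITRE's code: it reads the xsi:schemaLocation attribute discussed above as whitespace-separated namespace/location pairs, and groups entries by type using Submission_ReleaseDate. The catalog is a constructed sample; IDs 9001 and 9002, the Content_History layout, and the helper names are assumptions.

```python
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"
NS = {"c": "http://cwe.mitre.org/cwe-7"}

def _entry(kind, cwe_id, name, date):
    # Trimmed stand-in for a catalog entry: only the release date is kept.
    return (f'<{kind} ID="{cwe_id}" Name="{name}"><Content_History><Submission>'
            f'<Submission_ReleaseDate>{date}</Submission_ReleaseDate>'
            f'</Submission></Content_History></{kind}>')

# Constructed sample. The root tag follows the one quoted in the thread, with
# the line break inside xsi:schemaLocation kept; 9001/9002 are placeholder IDs.
SAMPLE = (
    '<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7"\n'
    ' xmlns:xhtml="http://www.w3.org/1999/xhtml"\n'
    ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"\n'
    ' Name="VIEW LIST: CWE-699: Software Development" Version="4.14"\n'
    ' Date="2024-02-29" xsi:schemaLocation="http://cwe.mitre.org/cwe-7\n'
    'http://cwe.mitre.org/data/xsd/cwe_schema_v7.1.xsd">'
    '<Weaknesses>'
    + _entry("Weakness", 1394, "Use of Default Cryptographic Key", "2022-10-13")
    + _entry("Weakness", 1419, "Incorrect Initialization of Resource", "2023-10-26")
    + _entry("Weakness", 1420, "Exposure of Sensitive Information during Transient Execution", "2024-02-29")
    + '</Weaknesses><Categories>'
    + _entry("Category", 9001, "Constructed category", "2023-04-27")
    + '</Categories><Views>'
    + _entry("View", 9002, "Constructed view", "2008-04-11")
    + '</Views></Weakness_Catalog>'
)

def load_sample():
    return ET.fromstring(SAMPLE)

def schema_pairs(root):
    """Split xsi:schemaLocation into (namespace, location) pairs.
    A line break inside the attribute is just whitespace between the two values."""
    tokens = root.get(f"{{{XSI}}}schemaLocation", "").split()
    if len(tokens) % 2:
        raise ValueError("schemaLocation must hold namespace/location pairs")
    return list(zip(tokens[0::2], tokens[1::2]))

def released_since(root, since):
    """Return {entry type: [(ID, release date)]} for entries released on or after `since`."""
    out = {"Weakness": [], "Category": [], "View": []}
    path = "c:Content_History/c:Submission/c:Submission_ReleaseDate"
    for kind in out:
        for el in root.iter(f"{{{NS['c']}}}{kind}"):
            date = el.findtext(path, namespaces=NS)
            if date and date >= since:  # ISO dates compare correctly as strings
                out[kind].append((int(el.get("ID")), date))
    return out
```
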

