Re: Question about the data

2021-11-17 Thread Kurt Seifried
Ahh ok, I was just looking at "https://cwe.mitre.org/community/submissions/guidelines.html" doesn't
list which are important/etc.

and does it matter at all or is good enough ok? ("while some Incomplete and
Draft entries are actively used by the general public" would be the common
case).

On Wed, Nov 17, 2021 at 6:50 AM Alec J Summers wrote:

> Kurt,
>
>
>
> Good morning, and thanks for your note. I wanted to double check with the
> team on this and was able to confirm my supposition.
>
>
>
> As you know, some CWE entries are ‘Weaknesses’, whereas others are
> ‘Categories’, and others are ‘Views’.
>
>
>
> The CWE XML – as specified in the schema – first lists all weaknesses
> (under the  element), then all categories (under the
>  element), etc.
>
>
>
> You can confirm that CWE-2 is in the downloaded XML by doing a simple grep
> for ‘ID="2"’ and noting that there is an element with the following line:
>
>
>
> 
>
>
>
> We have downloaded the latest cwec file using the URL that you specified
> and confirmed the existence of CWE-2.
>
>
>
> You can use the following command line to see all the listed entries
> (tested on Red Hat Linux):
>
>
>
> egrep '<(Weakness|Category|View).*ID="[0-9]+"' cwec_v4.6.xml
>
>
>
> To confirm that CWE-1 is present, try the following command:
>
>
>
> egrep '<(Weakness|Category|View).*ID="[0-9]+"' cwec_v4.6.xml | egrep 'ID="1"'
>
>
>
> The total list of deprecated entries (23 weaknesses, 35 categories, and 3
> views – total of 61) can be viewed here:
> https://cwe.mitre.org/data/definitions/604.html
>
>
>
> Best,
>
> Alec
>
>
>
> --
>
> *Alec J. Summers*
>
> Cyber Solutions Innovation Center
>
> Group Leader, Software Assurance Research & Practice
>
> Cyber Security Engineer, Lead
>
> O: (781) 271-6970
>
> C: (781) 496-8426
>
> *MITRE - Solving Problems for a Safer World*
>
>
>
>
>
> From: Kurt Seifried
> Date: Tuesday, November 16, 2021 at 8:48 PM
> To: CWE CAPEC Board
> Subject: Question about the data
>
> I just grabbed the XML data (
> https://cwe.mitre.org/data/xml/cwec_latest.xml.zip) and was looking
> through it, by ID, so from the start e.g.:
>
>
>
> 5
>
> 6
>
> 7
>
> 8
>
> 9
>
> 11
>
> 12
>
> 13
>
> 14
>
> 15
>
> 20
>
>
>
> And some are missing, when I went and looked I got:
>
>
>
> https://cwe.mitre.org/data/definitions/1.html
>
> deprecated (makes sense)
>
>
>
> https://cwe.mitre.org/data/definitions/2.html
>
> CWE CATEGORY: 7PK - Environment
>
>
>
> https://cwe.mitre.org/data/definitions/3.html
>
> https://cwe.mitre.org/data/definitions/4.html
>
> deprecated (makes sense)
>
>
>
> I'm wondering what the deal with CWE-2 is, it's clearly not terribly
> useful, but it's.. sort of alive? Dead? Zombie?
>
>
>
> The CWE ID's go up to 1351 and of those there are 947 live ones, does that
> sound right (so 400+ are deprecated?).
>
>
>
> --
>
> Kurt Seifried (He/Him)
> k...@seifried.org
>


-- 
Kurt Seifried (He/Him)
k...@seifried.org


Feedback Requested on CWE/CAPEC Board Code of Conduct & Charter

2021-11-17 Thread Marisa Harriston
Dear CWE/CAPEC Board Members,

It was great to speak with you again yesterday. As promised, we wanted to send 
a message about the chosen process for finalizing and voting on the draft 
charter.

Overview:
The first step is to have everyone read the current draft and provide any 
feedback, should there be any. The one outstanding item in the draft charter is 
Section 2.5 - Board Member Professional Conduct Guidance. Board members should 
decide on one of two options:
(1) A CWE/CAPEC-modified version of the CVE Professional Code of Conduct 
https://docs.google.com/document/d/1CK54UHkiGzKSTq_sCaERpQ8mEpFioncOCl6rh1utO_I/edit?usp=sharing, or
(2) Contributor Covenant (contributor-covenant.org).
 From there, the CWE secretariat will complete a final draft and share it with 
the Board members for final comment and ultimately, a vote.

Timeline:

  1.  Review the two options for Code of Conduct and indicate your preference 
via email to the MITRE secretariat - 
mharris...@mitre.org - by 12/3/2021
  2.  Review the final Board Charter draft and provide any edits/comments via 
email to the MITRE secretariat by 12/10/2021
  3.  If any edits are made, review edits and provide final up or down vote via 
email to the MITRE secretariat by 12/17/2021

The draft charter can be seen and edited here: 
https://docs.google.com/document/d/1jTB7FjovJUBvjY6L0n6-GabVG5z_aIVh7BlUa4qLANQ/edit?usp=sharing

We will be sending periodic reminders over the coming weeks.

Thanks again for your time and support.

Regards,
Marisa (on behalf of the CWE/CAPEC Programs)

Marisa Harriston
The MITRE Corporation
mharris...@mitre.org
Mobile: 571-634-0971


Re: Question about the data

2021-11-17 Thread Alec J Summers
Kurt,

Good morning, and thanks for your note. I wanted to double check with the team 
on this and was able to confirm my supposition.

As you know, some CWE entries are ‘Weaknesses’, whereas others are 
‘Categories’, and others are ‘Views’.

The CWE XML – as specified in the schema – first lists all weaknesses (under 
the  element), then all categories (under the  
element), etc.

You can confirm that CWE-2 is in the downloaded XML by doing a simple grep for 
‘ID="2"’ and noting that there is an element with the following line:



We have downloaded the latest cwec file using the URL that you specified and 
confirmed the existence of CWE-2.

You can use the following command line to see all the listed entries (tested on 
Red Hat Linux):

egrep '<(Weakness|Category|View).*ID="[0-9]+"' cwec_v4.6.xml

To confirm that CWE-1 is present, try the following command:

   egrep '<(Weakness|Category|View).*ID="[0-9]+"' cwec_v4.6.xml | egrep 'ID="1"'

The total list of deprecated entries (23 weaknesses, 35 categories, and 3 views 
– total of 61) can be viewed here: 
https://cwe.mitre.org/data/definitions/604.html

Best,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Kurt Seifried 
Date: Tuesday, November 16, 2021 at 8:48 PM
To: CWE CAPEC Board 
Subject: Question about the data
I just grabbed the XML data 
(https://cwe.mitre.org/data/xml/cwec_latest.xml.zip) and was looking through 
it, by ID, so from the start e.g.:

5
6
7
8
9
11
12
13
14
15
20

And some are missing, when I went and looked I got:

https://cwe.mitre.org/data/definitions/1.html
deprecated (makes sense)

https://cwe.mitre.org/data/definitions/2.html
CWE CATEGORY: 7PK - Environment

https://cwe.mitre.org/data/definitions/3.html
https://cwe.mitre.org/data/definitions/4.html
deprecated (makes sense)

I'm wondering what the deal with CWE-2 is, it's clearly not terribly useful, 
but it's.. sort of alive? Dead? Zombie?

The CWE ID's go up to 1351 and of those there are 947 live ones, does that 
sound right (so 400+ are deprecated?).

--
Kurt Seifried (He/Him)
k...@seifried.org
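
Added example (not part of the thread and not MITRE's tooling): the same check as the egrep commands above, done with an XML parser so that an ID missing from the weakness list can be classified as a category, a view, a deprecated entry, or an ID that is not listed at all. The sample XML is constructed; the code assumes each entry carries a `Status` attribute whose value `Deprecated` marks retired entries.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the shape described above: weaknesses first, then
# categories, then views. The IDs, CWE-2's name and CWE-1 being deprecated come
# from the thread; the namespace, other names and Status values are placeholders.
SAMPLE = """<Weakness_Catalog xmlns="urn:example:cwe-sample">
  <Weaknesses>
    <Weakness ID="5" Name="sample weakness" Status="Draft"/>
    <Weakness ID="6" Name="sample weakness" Status="Incomplete"/>
    <Weakness ID="20" Name="sample weakness" Status="Stable"/>
  </Weaknesses>
  <Categories>
    <Category ID="1" Name="sample retired category" Status="Deprecated"/>
    <Category ID="2" Name="7PK - Environment" Status="Draft"/>
  </Categories>
  <Views>
    <View ID="604" Name="sample view" Status="Draft"/>
  </Views>
</Weakness_Catalog>"""

KINDS = {"Weakness", "Category", "View"}


def index_entries(xml_text):
    """Map CWE ID -> (kind, status, name) for every Weakness, Category and View."""
    entries = {}
    for elem in ET.fromstring(xml_text).iter():
        kind = elem.tag.rsplit("}", 1)[-1]  # drop "{namespace}" if present
        if kind not in KINDS or "ID" not in elem.attrib:
            continue
        cwe_id = int(elem.attrib["ID"])
        if cwe_id in entries:
            raise ValueError(f"CWE-{cwe_id} listed twice")
        entries[cwe_id] = (kind, elem.get("Status", "unknown"), elem.get("Name", ""))
    return entries


def tally(entries):
    """Count entries per (kind, 'deprecated' or 'live')."""
    return Counter((kind, "deprecated" if status == "Deprecated" else "live")
                   for kind, status, _ in entries.values())


def unlisted_ids(entries, highest):
    """IDs in 1..highest that appear under none of the three element types."""
    return [i for i in range(1, highest + 1) if i not in entries]


if __name__ == "__main__":
    found = index_entries(SAMPLE)
    print(found[2], sorted(tally(found).items()), unlisted_ids(found, 6))
```

To run it against the real download, pass the contents of the extracted cwec XML file to `index_entries` instead of `SAMPLE`.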