Help me fill out a list of flaw types
David
nezsez2 at gmail.com
Mon Aug 12 03:19:18 UTC 2013
On 08/05/2013 02:03 PM, Josh Bressers wrote:
>
> ----- Original Message -----
>> Josh,
>>
>> Is this what you are meaning to do?
>>
>> http://cwe.mitre.org/
>>
>> The standard seems robust... implementation is another discussion
>> altogether.
>>
> The standard is probably too robust. CWE is great, but it's too big. I need
> a list I can easily read and understand.
>
> Plus it's a nice way for us all to bikeshed I mean discuss some of the
> topics ;)
>
> Thanks.
>
Did you have a particular use-case in mind for your list? Will you be
accessing this list programmatically or just for human consumption?
Perhaps a schema/classification skeleton we could start with? Do you
want a list of specific exploits/vulnerabilities (so you might start
with local and remote for example then drill down with stack exploits,
cross site injections etc) or just a list of the monikers of actual
exploits like "sasser", or something more like "social engineering",
"network", "program code"..."input validation", etc?
David