Secure Coding mailing list archives
A New Open Source Approach to Weakness
From: mcgegick at ncsu.edu (mcgegick at ncsu.edu)
Date: Thu, 10 Aug 2006 19:06:19 -0400 (EDT)
The Honeycomb project seems interesting. This sounds a lot like the Common Weakness Enumeration (CWE; see http://cwe.mitre.org) effort that has been going on for the past year as part of the DHS software assurance metrics and tool evaluation project. The CWE is an aggregation of sources including Seven Pernicious Kingdoms, CLASP, PLOVER, ten from OWASP, the Web Security Threat Classification, 19 Deadly Sins, etc. that describes software weaknesses (to date ~500 of them) in a consistently named fashion and provides a taxonomy to organize the relationships between the weaknesses. The classification comes with the help of a large community effort including NIST, MITRE, DHS, NSA, many commercial organizations, academia, and the public. And, I believe there are currently 15-20 tool vendors, including Fortify Software and Secure Software, that are contributing and mapping their content to the CWE.

Thanks,
Michael Gegick
Current thread:
- A New Open Source Approach to Weakness Kenneth Van Wyk (Aug 09)
- A New Open Source Approach to Weakness Gergely Buday (Aug 09)
- A New Open Source Approach to Weakness Jeff Williams (Aug 09)
- <Possible follow-ups>
- A New Open Source Approach to Weakness Gary McGraw (Aug 09)
- A New Open Source Approach to Weakness mcgegick at ncsu.edu (Aug 10)
- A New Open Source Approach to Weakness Jeff Williams (Aug 10)
- A New Open Source Approach to Weakness Gergely Buday (Aug 09)