October 10, 2007

CWE List - Dictionary of Software Weakness Types

You all know CVE very well , as one of the most well-know resources about published vulnerabilities and related details . CVE , US-CERT , OSVDB , SecurityFocus BIDs and others are all out there to help you find what`s going on around the world in the filed of information security and vulnerability researches and discoveries . They also briefly categories published information based on their severity, attack surface and few other parameters . Surprisingly most of them leave the reader alone with labels and titles about main category of the vulnerability, for example "Web-app XYZ remote file inclusion" . Well, most users of such resources are people familiar with these basics and they really no need to read what "remote file inclusion" or other titles means, among every item they browse. But how about those who know any about the category ? or any other user visiting the database and getting lost in these long lists of directories and categories ? Some people will shout "Google!" but hey , what if some body looks for a directory of "categories" and their brief descriptions ? Not everyone is interested to follow a long technical paper on CSRF to understand wtf it is !

So, miter community came up with CWE , The solution for this case . read about their approach to get familiar with other aspects of this project .

This directory is also useful for people looking for a brief learning reference to know more about common vulnerabilities . What make CWE useful for this purpose is the way that they have prepared items in directory. Items Containing sample CVE , reference to technical papers , relationship with other categorized items and if the item is parent/child of other items make them a great reference for people looking for those who like to learn more about the item they just got familiar with.

The cool thing about CWE is that, it let you have the directory off line , by simply saving the entire HTML version of directory , and browse it off line . Other interesting materials are also provided in the Sources section .

No comments:

Post a Comment