Chris, Thanks for your note on this. According to their github repo, it appears this is due to launch on September 24 – but I’m not certain if that is accurate. Perhaps Andrew can fill us in :-) It appears that there are many more CWE mappings to each entry in the 2021 Top 10. We will definitely prioritize getting a new view up to align with this.
Cheers, Alec -- Alec J. Summers Cyber Solutions Innovation Center Group Leader, Software Assurance Research & Practice Cyber Security Engineer, Lead O: (781) 271-6970 C: (781) 496-8426 –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World From: Joe Jarzombek <joe.jarzom...@synopsys.com> Date: Thursday, September 9, 2021 at 8:21 PM To: Eng, Chris <c...@veracode.com>, CWE CAPEC Board <cwe-capec-board-list@mitre.org> Subject: RE: OWASP 2021 View Yes, I concur with Chris. It would be useful to highlight the associated CAPEC IDs with the respective CWEs in OWASP 2021. Regards, -Joe - Joe Jarzombek, CSSLP Director for Government & Critical Infrastructure Programs Email: joe.jarzom...@synopsys.com<mailto:joe.jarzom...@synopsys.com> | Mobile: 703 627-4644 | https://www.synopsys.com/solutions/aerospace-defense.html [cid:image001.png@01D7A5B9.8AB5EBF0] From: Chris Eng <c...@veracode.com> Sent: Thursday, September 9, 2021 11:25 AM To: CWE CAPEC Board <cwe-capec-board-list@mitre.org> Subject: OWASP 2021 View I believe OWASP is releasing their new Top 10 list in a couple of weeks during their 20th anniversary event. The draft is here: https://owasp.org/Top10/<https://urldefense.com/v3/__https:/owasp.org/Top10/__;!!A4F2R9G_pg!LxUArg3uxR2YcLXTdgxW9CNZ-PoLysrgeUON3FZR8652NByEYI5TIYnTJA1xIz16PngIpQ$>. If it’s not already in the plan, can we prioritize getting a CWE View created for this as soon as possible after the list is finalized? Many users and vendors rely on the CWE View to create mappings for their programs/products.
