Also, it excludes services. So yeah, I vote drop the "in a range of
products made by different vendors".

On Wed, Jul 13, 2022 at 2:12 PM SJ Jazz <sjoeja...@gmail.com> wrote:

> I still recommend deleting at the end of the definition of weakness
> "... in a range of products made by different vendors."
>
> It adds no value, and actually unintentionally limits applicability by
> implying weaknesses only apply to products made by vendors.
>
> Regards,
>
> Joe
>
> On Wed, Jul 13, 2022, 12:08 Alec J Summers <asumm...@mitre.org> wrote:
>
>> Dear CWE Research Community,
>>
>>
>>
>> I hope this email finds you well.
>>
>>
>>
>> Over the past few months, the CWE/CAPEC User Experience Working Group has
>> been working to modernize our programs through a variety of activities. One
>> such activity is harmonizing the definitions on our sites for some of our
>> key terminology including weakness, vulnerability, and attack pattern. As
>> CWE and CAPEC were developed separately and on a different timeline, some
>> of the terms are not defined similarly, and we want to address that.
>>
>>
>>
>> We are seeking feedback on our working definitions:
>>
>>
>>
>> *Vulnerability*
>>
>> *A flaw in a software, firmware, hardware, or service component resulting
>> from a weakness that can be exploited, causing a negative impact to the
>> confidentiality, integrity, or availability of an impacted component or
>> components (from CVE®)*
>>
>> *Weakness*
>>
>> *A type of flaw or defect inserted during a product lifecycle that, under
>> the right conditions, could contribute to the introduction of
>> vulnerabilities in a range of products made by different vendors*
>>
>> *Attack Pattern*
>>
>> *The common approach and attributes related to the exploitation of a
>> weakness, usually in cyber-enabled capabilities*
>>
>>
>>
>> *Note*: CVE’s definition for ‘vulnerability’ was agreed upon after
>> significant community deliberation, and we are not looking to change it at
>> this time.
>>
>>
>>
>> We are hoping to publish new, improved definitions on our websites at the
>> end of the month. Please provide thoughts and comments by Tuesday, July 26.
>>
>>
>>
>> Cheers,
>>
>> Alec
>>
>>
>>
>> --
>>
>> *Alec J. Summers*
>>
>> Center for Securing the Homeland (CSH)
>>
>> Cyber Security Engineer, Principal
>>
>> Group Lead, Cybersecurity Operations and Integration
>>
>> *––––––––––––––––––––––––––––––––––––*
>>
>> *MITRE - Solving Problems for a Safer World™*
>>
>>
>>
>>
>>
>

-- 
Kurt Seifried (He/Him)
k...@seifried.org
