Dear CWE Community,

We are thrilled to announce that CWE version 4.10 is now available on our 
website -<>.
 Thank you to all our content submitters for your time and efforts to 
collaborate and make this release possible, especially the significant 
contributions by the CWE Hardware 
ICS/OT SIG<>, as 
noted below.

A detailed report listing the specific changes between Version 4.9 and 4.10 can 
be found here (diff 
report<>), but 
below I have listed some of the key highlights:

  *   Added 1 new CWE weakness for use of vulnerable third-party components, 
CWE-1395: Dependency on Vulnerable Third-Party 
  *   Revamped CWE-1357: Reliance on Insufficiently Trustworthy 
Component<> to emphasize 
dependency on "insufficiently trustworthy" components
  *   Changed over 400 CWE descriptions to replace "software" with "product" to 
better allow the scope of those CWEs to include hardware, driven by experience 
with the ICS/OT 
SIG<> and the CWE 
Hardware SIG<>
  *   Changed categories and relationships in the Hardware 
View<> (CWE-1194)
  *   Improved names, descriptions, and/or demonstrative examples of multiple 
hardware weaknesses
  *   Updated the ICS/OT View<> 
(CWE-1358) including relationships, descriptions, and mappings to the ISA/IEC 
 standard, based on contributions by the ICS/OT SIG
  *   Added more Mapping Notes
  *   Updated some relationships under CWE-284: Improper Access 
  *   Provided cloud-related details for some CWEs (mitigations, applicable 
platforms, and demonstrative examples)
  *   Added more observed examples for products written in Python or Go
  *   Deprecated CWE-1324: Sensitive Information Accessible by Physical Probing 
of JTAG Interface<>

We are really excited about this release, and we look forward to you diving 
into the new content. On behalf of the CWE Team, thank you for your continued 
support of the CWE/CAPEC Program.


Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426
MITRE - Solving Problems for a Safer World

Reply via email to