Dear CWE Community,

We are thrilled to announce that CWE version 4.11 is now available on our 
website. Thank you to all our 
content submitters for your time and efforts to collaborate and make this 
release possible, especially the significant contributions by the CWE 
UEWG, CWE Hardware 
SIG, and CWE ICS/OT 
SIG, as noted 

A detailed report listing the specific changes between Version 4.10 and 4.11 
can be found here (diff 
report), but 
below I have listed some of the key highlights:

  *   Added a new "Custom" presentation filter that allows users to choose from 
a list of options to display only those weakness details that are most relevant 
to them when viewing CWE List information. This new filter, as well as the 
previously released Conceptual, Operational, Mapping Friendly, and Complete 
(Default) presentation filters, were developed by the CWE Team in collaboration 
with the CWE User Experience Working Group 
(UEWG). Learn more 
  *   Updated many CWEs to include ICS/OT-specific details including mappings 
to the ISA/IEC 
 standard and categories of ICS/OT vulnerabilities, as contributed by the 
 and "Boosting 
 subgroups of the CWE ICS/OT 
  *   Added a new Comprehensive Categorization for Software Assurance Trends 
View that places all 
weaknesses into groupings, such as "memory safety," to facilitate analysis of 
trends and priorities in software assurance.
  *   Updated the Software Development 
View to reduce size, add 
newer/relevant CWEs, minimize use of CWEs that are not Base level, and reduce 
overlap such as parent/child weaknesses under the same category.
  *   Changed the Weaknesses Introduced During Design 
View to focus solely on 
Base-level weaknesses that are introduced during design; changed the mode of 
introduction for many CWE entries to add or remove the design phase accordingly.
  *   Modernized memory-safety related mitigations based on 
  *   Added Mapping Notes to over 300 Categories to emphasize that mapping 
specific vulnerabilities to Category entries is prohibited.
  *   Updated phrasing in several Hardware-related entries based on community 
  *   Added some observed examples for some hardware CWEs.
  *   Changed specific mentions of JTAG in several Hardware CWE entries opting 
for a more generic language talking about debug interfaces instead.
  *   Added demonstrative examples written in Python and Go.
  *   Updated content related to cloud storage.
  *   Added automated code analysis detection methods to many CWEs.
  *   Updated stale URLs for hundreds of references used throughout CWE.

We are really excited about this release, and we look forward to you diving 
into the new content. On behalf of the CWE Team, thank you for your continued 
support of the CWE Program.


Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
O: (781) 271-6970
C: (781) 496-8426
MITRE - Solving Problems for a Safer World(tm)
