Dear CWE Community, We are thrilled to announce that CWE version 4.11 is now available on our website - https://cwe.mitre.org<https://cwe.mitre.org/>. Thank you to all our content submitters for your time and efforts to collaborate and make this release possible, especially the significant contributions by the CWE UEWG<https://cwe.mitre.org/community/working_groups.html#ue_wg>, CWE Hardware SIG<https://cwe.mitre.org/community/working_groups.html#hw_sig>, and CWE ICS/OT SIG<https://cwe.mitre.org/community/working_groups.html#ics_ot_sig>, as noted below.
A detailed report listing the specific changes between Version 4.10 and 4.11 can be found here (diff report<https://cwe.mitre.org/data/reports/diff_reports/v4.10_v4.11.html>), but below I have listed some of the key highlights:

* Added a new "Custom" presentation filter that allows users to choose from a list of options to display only those weakness details that are most relevant to them when viewing CWE List information. This new filter, as well as the previously released Conceptual, Operational, Mapping Friendly, and Complete (Default) presentation filters, were developed by the CWE Team in collaboration with the CWE User Experience Working Group (UEWG)<https://cwe.mitre.org/community/working_groups.html#ue_wg>. Learn more here<https://cwe.mitre.org/news/index.html#april272023_New_Custom_Filter_for_Viewing_CWE_Weaknesses>.
* Updated many CWEs to include ICS/OT-specific details, including mappings to the ISA/IEC 62443<https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards> standard and categories of ICS/OT vulnerabilities, as contributed by the "Mapping CWE<https://medium.com/@CWE_CAPEC/community-actively-working-to-enhance-cwes-ics-ot-coverage-1b4f7bf0a6dd>" and "Boosting CWE<https://medium.com/@CWE_CAPEC/community-actively-working-to-enhance-cwes-ics-ot-coverage-1b4f7bf0a6dd>" subgroups of the CWE ICS/OT SIG<https://cwe.mitre.org/community/working_groups.html#ics_ot_sig>.
* Added a new Comprehensive Categorization for Software Assurance Trends View<https://cwe.mitre.org/data/definitions/1400.html> that places all weaknesses into groupings, such as "memory safety," to facilitate analysis of trends and priorities in software assurance.
* Updated the Software Development View<https://cwe.mitre.org/data/definitions/699.html> to reduce size, add newer/relevant CWEs, minimize use of CWEs that are not Base level, and reduce overlap such as parent/child weaknesses under the same category.
* Changed the Weaknesses Introduced During Design View<https://cwe.mitre.org/data/definitions/701.html> to focus solely on Base-level weaknesses that are introduced during design; changed the mode of introduction for many CWE entries to add or remove the design phase accordingly.
* Modernized memory-safety-related mitigations based on D3FEND<https://d3fend.mitre.org/>.
* Added Mapping Notes to over 300 Categories to emphasize that mapping specific vulnerabilities to Category entries is prohibited.
* Updated phrasing in several Hardware-related entries based on community feedback.
* Added observed examples for some hardware CWEs.
* Changed specific mentions of JTAG in several Hardware CWE entries, opting for more generic language about debug interfaces instead.
* Added demonstrative examples written in Python and Go.
* Updated content related to cloud storage.
* Added automated code analysis detection methods to many CWEs.
* Updated stale URLs for hundreds of references used throughout CWE.

We are really excited about this release, and we look forward to you diving into the new content. On behalf of the CWE Team, thank you for your continued support of the CWE Program.

Cheers,
Alec

--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
------------------------------------
O: (781) 271-6970
C: (781) 496-8426
------------------------------------
MITRE - Solving Problems for a Safer World(tm)
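Added example (not part of Alec's message, and not CWE Program tooling): the one highlight above that a practitioner can mechanically enforce is that specific vulnerabilities must not be mapped to Category entries. The Python below reads a constructed fragment shaped like the CWE XML export and audits a list of CVE-to-CWE mappings, rejecting targets that are Categories or Views and flagging Class/Pillar-level weaknesses as discouraged. The namespace `http://cwe.mitre.org/cwe-6`, the element names `Weakness`/`Category`/`View`, the `Abstraction` attribute, the placement of `Mapping_Notes/Usage`, and the `Usage` vocabulary (`Allowed`, `Allowed-with-Review`, `Discouraged`, `Prohibited`) are assumptions based on the published schema, and the CVE IDs are placeholders.

```python
"""Audit CVE->CWE mappings against entry types in a CWE XML catalog.

Constructed example, not CWE Program code. The XML fragment mimics the
shape of the official export; element/attribute names, the namespace and
the Mapping_Notes/Usage vocabulary are assumptions from the published
schema. CVE IDs are placeholders.
"""
import xml.etree.ElementTree as ET

# Constructed catalog fragment; the real export is far larger.
SAMPLE_CWE_XML = """<?xml version="1.0"?>
<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-6" Name="CWE" Version="4.11">
  <Weaknesses>
    <Weakness ID="79" Name="Improper Neutralization of Input During Web Page Generation"
              Abstraction="Base" Structure="Simple" Status="Stable">
      <Mapping_Notes><Usage>Allowed</Usage></Mapping_Notes>
    </Weakness>
    <Weakness ID="74" Name="Improper Neutralization of Special Elements in Output"
              Abstraction="Class" Structure="Simple" Status="Draft">
      <Mapping_Notes><Usage>Discouraged</Usage></Mapping_Notes>
    </Weakness>
    <Weakness ID="80" Name="Improper Neutralization of Script-Related HTML Tags"
              Abstraction="Variant" Structure="Simple" Status="Incomplete"/>
  </Weaknesses>
  <Categories>
    <Category ID="137" Name="Data Neutralization Issues" Status="Draft">
      <Mapping_Notes><Usage>Prohibited</Usage></Mapping_Notes>
    </Category>
  </Categories>
  <Views>
    <View ID="699" Name="Software Development" Type="Graph" Status="Draft"/>
  </Views>
</Weakness_Catalog>
"""


def load_catalog(xml_text):
    """Index every Weakness, Category and View by numeric ID.

    The {*} wildcard matches the element in any namespace, so the code does
    not break if the catalog namespace version changes."""
    root = ET.fromstring(xml_text)
    entries = {}
    for kind in ("Weakness", "Category", "View"):
        for el in root.iterfind(f".//{{*}}{kind}"):
            usage = el.find("{*}Mapping_Notes/{*}Usage")
            entries[int(el.get("ID"))] = {
                "kind": kind,
                "name": el.get("Name"),
                "abstraction": el.get("Abstraction"),  # present on Weakness only
                "usage": usage.text.strip() if usage is not None and usage.text else None,
            }
    return entries


def check_mapping(entries, cwe_id):
    """Classify a proposed CWE target for one specific vulnerability.

    An explicit Mapping_Notes/Usage wins when present. Otherwise fall back to
    structural rules: Categories and Views are not weaknesses at all, and
    Pillar/Class entries are too abstract to describe a single vulnerability
    (the announcement's own push toward Base-level entries)."""
    entry = entries.get(cwe_id)
    if entry is None:
        return "unknown", f"CWE-{cwe_id} is not in the catalog"
    usage = entry["usage"]
    if usage in ("Prohibited", "Discouraged", "Allowed", "Allowed-with-Review"):
        verdict = {"Prohibited": "prohibited", "Discouraged": "discouraged"}.get(usage, "allowed")
        return verdict, f"Mapping_Notes usage is {usage}"
    if entry["kind"] in ("Category", "View"):
        return "prohibited", f"CWE-{cwe_id} is a {entry['kind']}, not a weakness"
    if entry["abstraction"] in ("Pillar", "Class"):
        return "discouraged", f"CWE-{cwe_id} is {entry['abstraction']}-level; prefer a Base/Variant child"
    return "allowed", f"CWE-{cwe_id} is {entry['abstraction']}-level"


def audit(entries, mappings):
    """Return [(cve, cwe, verdict, reason)] for a list of (cve, cwe) pairs."""
    return [(cve, cwe) + check_mapping(entries, cwe) for cve, cwe in mappings]


def rejected(entries, mappings):
    """CVE IDs whose proposed CWE target is prohibited outright."""
    return [cve for cve, _, verdict, _ in audit(entries, mappings) if verdict == "prohibited"]


# Placeholder CVE IDs, constructed for this example.
SAMPLE_MAPPINGS = [
    ("CVE-0000-0001", 79),    # Base weakness, explicitly Allowed
    ("CVE-0000-0002", 137),   # Category: prohibited
    ("CVE-0000-0003", 74),    # Class weakness: discouraged
    ("CVE-0000-0004", 699),   # View: not a weakness
    ("CVE-0000-0005", 80),    # Variant with no Mapping_Notes: structural fallback
    ("CVE-0000-0006", 9999),  # not in catalog
]

if __name__ == "__main__":
    catalog = load_catalog(SAMPLE_CWE_XML)
    for cve, cwe, verdict, reason in audit(catalog, SAMPLE_MAPPINGS):
        print(f"{cve} -> CWE-{cwe}: {verdict} ({reason})")
```

To run this against the real catalog, replace `SAMPLE_CWE_XML` with the contents of the CWE XML download and feed it your own CVE-to-CWE table; entries missing `Mapping_Notes` fall back to the structural rules, so older catalog versions still get a verdict.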