Hello all, I joined MITRE's CWE Hardware group a few months ago and have been working on updating some of the CWE content related to hardware. Currently, I'm looking to ensure that all hardware CWEs are listed under View 1194: Hardware Design. I am aware that a few CWEs are missing from this view. I have outlined them below, along with their proposed categories.
* CWE-1222: Insufficient Granularity of Address Regions Protected by Register Locks, to be added under CWE-1198: Privilege Separation and Access Control Issues. * CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State, to be added under CWE-1196: Security Flow Issues * CWE-1329: Reliance on Component That is Not Updateable, to be added under CWE-1208: Cross-Cutting Problems * CWE-1357: Reliance on Uncontrolled Component, to be added under CWE-1208: Cross-Cutting Problems Please contact me by December 23rd if there are any additional CWEs that should be listed under View 1194 or if you feel that one of the CWEs listed above should be moved into a different category. Best, Gage Hackford Cybersecurity Engineer The MITRE Corporation ghackf...@mitre.org<mailto:ghackf...@mitre.org>
