Hi Ben,

It's a little late, but I noticed that the information and link for the SANS Top 25 near the top of page 6 is broken and the text is grammatically incorrect. The information is also considerably out of date.

CWE is a trademarked term of MITRE and they created and maintain them. SANS simply promoted them. The correct link is https://cwe.mitre.org/index.html

The text should probably read:

CWE™ List: A list of software weakness types undertaken as a community initiative to capture the specific effects, behaviors, exploit mechanisms, and implementation details. (Ref. https://cwe.mitre.org/index.html) Mappings also exist to external groupings such as a Top-N list. See, e.g., http://cwe.mitre.org/top25/

The definition of Vulnerability Scan also needs to be updated to refer to the "CWE™ List" rather than SANS Top 25.

Whenever you next update the guide, the changes could be made.

best,
tony
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
