3:05 PM
> *To:* Keith J Hill ; Alec J Summers ;
> CAPEC Researcher Discussion
> *Subject:* RE: CWE/CAPEC Definitions
>
>
> How about something like this:
>
>
>
> Weakness: A state or condition in a product that when subjected to certain
> condition(s) will fail.
>
&g
lec J Summers ; CAPEC
Researcher Discussion
Subject: RE: CWE/CAPEC Definitions
How about something like this:
Weakness: A state or condition in a product that when subjected to certain
condition(s) will fail.
Thanks,
Mike
C. Michael Godsey BSETE, MSIE, MBA, CISSP, CISM, GICSP, CFE
Counter-
-mail and destroy all copies
of the original message. Thank you.
From: Keith J Hill
Sent: Wednesday, July 20, 2022 2:53 PM
To: Alec J Summers ; CAPEC Researcher Discussion
Subject: [EXTERNAL] RE: CWE/CAPEC Definitions
Nationwide Information Security Warning: This is an EXTERNAL email. Use
Thanks for the reminder Alec,
I'm bothered by the Weakness definition, specifically "type of flaw or defect
inserted..." because I think this presumes too much. I'm tossing this into
the ring for consideration. It incorporates some of the ideas that others
proposed.
Weakness: A condition tha
: Friday, July 15, 2022 8:34 AM
To: Alec J Summers
Cc: capec-research-list@mitre.org
Subject: Re: CWE/CAPEC Definitions
EXTERNAL MAIL
I did not copy everyone on my response…
Jim Whitmore
On Jul 15, 2022, at 10:20 AM, Jim Whitmore
mailto:jj-whitm...@comcast.net>> wrote:
Alec, thanks for th
Hi,
My take on the weakness term; I would lie to emphasize that my preference
is not to use the terms in one definition with the other, which creates a
bit of confusion.
*Vulnerability*
GOOD with the definition
*Weakness*
*Lack of Quality or State in the product lifecycle that, under the ri
I did not copy everyone on my response…
Jim Whitmore
> On Jul 15, 2022, at 10:20 AM, Jim Whitmore wrote:
>
>
> Alec, thanks for the note. These terms overlap and are sometimes the source
> of confusion. I have been working with these resources for several years. My
> observation is that t
rbros.com>
Please note: While I may send an email outside of traditional working hours, I
do NOT expect a response outside of your own.
From: Gutman, Gregoriy (CTR)
Date: Friday, July 15, 2022 at 7:20 AM
To: Alec J Summers , CAPEC Researcher Discussion
Subject: RE: CWE/CAPEC Definitions
[C
Hello Alec, et al,
Here is my attempt at definition improvement of weakness and attack pattern.
Weakness - A flaw or defect overlooked during a product lifecycle that, under
the right conditions, could contribute to the introduction or exploit of
vulnerabilities in a range of products made by d