Is it the goal of CWE to provide prescriptive guidance on these things? If so,
then you might need a working group to keep up with developments in the space,
since NIST updates infrequently and usually lags behind industry best practices.
Or is it enough just to have categories for insecure
Dear Board Members,
Good morning! I hope you all had an excellent holiday weekend.
I wanted to update you all on a plan of action around establishing a
cryptography working group.
Unlike many other topics covered by CWE, cryptography requires highly
specialized knowledge to perform correctly.
