Kurt,

Thanks for your note. Hope you are well.

As we began formalizing the requirements for suggesting new entries to CWE when 
expanding into hardware for the first time, we began first with the more 
detailed Content Submission template .txt form that covered all the elements of 
a robust CWE entry. While that template was robust and complete, it was a big 
lift for community stakeholders to complete up front. We also noticed that 
sometimes they would sink a lot of time into completing it only to find out 
that an entry already existed that they were suggesting or it wasn’t actually a 
weakness (e.g., it was a type of attack).

The CWE Content Web Submission Form was created to alleviate these kinds of 
problems. It is far more approachable and user-friendly for community 
stakeholders to suggest something (just a few data fields). This way we can 
save our partner contributors’ time and work with them to help shape their idea 
a bit before they undertake drafting content for all the elements of a 
weakness. Each stage of a submission process is defined in the Guidelines for 
New Content 
Suggestions <https://cwe.mitre.org/community/submissions/guidelines.html> 
(second heading: External Submissions Review Process – there’s a table there 
with each stage).

Hope that helps.

Cheers,
Alec

--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
––––––––––––––––––––––––––––––––––––
MITRE - Solving Problems for a Safer World™



From: Kurt Seifried <k...@seifried.org>
Date: Friday, May 13, 2022 at 8:28 AM
To: CWE CAPEC Board <cwe-capec-board-list@mitre.org>
Subject: Question: what happened to fields like "Modes of introduction"
Now that I look at the form (https://cwesubmission.mitre.org/) I realize it 
doesn't ask for "modes of introduction" and indeed about half of the defined 
fields (Applicable platforms, common consequences, etc.).

Are we still using those fields moving forwards? I assume 
https://cwesubmission.mitre.org/ is the correct format or is the missing stuff 
populated by MITRE or something else?

--
Kurt Seifried (He/Him)
k...@seifried.org
