for release in late October.
Please let me know if you have any thoughts or objections to this plan of
action.
Cheers,
Alec
p.s. If you haven’t had a chance to provide feedback to the DRAFT CWE/CAPEC
Board Charter, please do so by 9/13.
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader
will definitely prioritize getting a new view up to align with this.
Cheers,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426
MITRE - Sol
/) and decide
whether we wish to proceed with adopting it for our purposes in this domain or
if we would like to use our own Professional Code of Conduct tailored from that
of CVE.
Please give me your feedback on the charter and the Code of Conduct topic by
Friday, October 22.
Cheers,
Alec
--
Alec J
://cwe.mitre.org/data/definitions/1256.html
Does this help?
I can get updates to the form and changed in the near future to reflect #1-3
above in the text form for now. Again, we hope to have the web-submission form
available on the site soon.
Cheers,
Alec
--
Alec J. Summers
Cyber Solutions Innovation
to on the form as
well):
Guidelines for individual elements:
https://cwe.mitre.org/community/submissions/guidelines.html#guidelines
Common problems encountered with poor submissions:
https://cwe.mitre.org/community/submissions/guidelines.html#problems
Best,
Alec
--
Alec J. Summers
Cyber Solutions
, be on the lookout for a new draft charter by the end of the week.
Cheers,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426
M
nd:
egrep '<(Weakness|Category|View).*ID="[0-9]+"' cwec_v4.6.xml | egrep 'ID="1"
The total list of deprecated entries (23 weaknesses, 35 categories, and 3 views
– total of 61) can be viewed here:
https://cwe.mitre.org/data/definitions/604.html
Best,
Alec
--
Alec J. Summers
Cyb
Kurt,
Absolutely! As I said, we started some metrics work after the recent
card-sorting exercise, and by that I mean the metrics are under development at
this time. The team will share drafts once we have something implemented.
Best,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
leases (Q1 2022) for Status element recalibration,
attribute value changes, and related updates to the content submission
guidelines/form.
Best,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (7
infrastructure.
It is conceivable that all CWE/CAPEC code could one day be open-source, but
that is not the case right now.
Cheers,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-
Hayashi (Qualcomm) so they may provide
clarifications or reply to any additional questions directly in this thread.
Cheers,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781)
an we make this more public so people don't submit duplicates, or if
there are similar ones already in the works we can see it?
* Yes, that is our plan. We hope that the overall quality of submissions
will be improved by public review in the early stages.
Best,
Alec
--
Alec J. Summers
Cyber
Kurt,
Thanks for your note. This was a question that Adam et al answered in the
document I shared on 2/24. In short, the working group would start working
towards a REST API to start.
Best,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research
Clarification: “working on read access to start.”
Apologies for the miscommunication.
Cheers,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-
.
Cheers,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426
MITRE - Solving Problems for a Safer World
From: Jason Oberg
Date: Fr
has left the
MITRE Corporation. As we look to have someone else step into her communications
role on CWE/CAPEC, you may be getting some more emails from me directly.
Cheers,
Alec
--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
C
Kurt,
Thanks for your note. I appreciate the challenges you are facing.
Is this resolvable at all by choosing a different day of the week/time of day?
Or, is this going to be a problem in general henceforth until the school year
ends?
Thanks,
Alec
--
Alec J. Summers
Cyber Solutions
Good morning! I hope everyone had a great weekend.
Just a soft reminder to please fill out the doodle poll so that we can finalize
a date/time. Thanks to all who have already done so.
Cheers,
Alec
--
Alec J. Summers
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations
Wrong email thread :-)
The message below was intended for the c...@mitre.org<mailto:c...@mitre.org>
handle.
Hope everyone has a great weekend!
Cheers,
Alec
--
Alec J. Summers
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
Center for Se
, Jeremy’s proposal for discussing a multiyear look-ahead and plan, the
public submissions repository, and activities in the vulnerability mapping
domain). Please let me know if you have other thoughts about agenda topics.
Cheers,
Alec
--
Alec J. Summers
Cyber Security Engineer, Principal
Group
Kurt,
Thanks for the note on this. We are actively working to replicate and
troubleshoot.
Separately, we will be following up on the successful submission.
Cheers,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity
sessions, tracking progress on
objectives, identifying other opportunities for discussion/action, etc. Lastly,
as co-chair she might periodically brief the CWE/CAPEC Board with me to update
you on UEWG activities.
I’m very happy to welcome her into this new role.
Cheers,
Alec
--
Alec J
to compare is attached. The plan would be
to unify the definitions according to the above across all our sites. Would
love to hear your thoughts.
Cheers,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations
second heading: External Submissions Review Process – there’s a table there
with each stage).
Hope that helps.
Cheers,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integ
Jeremy,
Thanks for your note. This is a great topic for a larger discussion, I believe.
But till then… elements of your email point more directly to CVMAP and
questions that perhaps @Turner, Christopher<mailto:christopher.tur...@nist.gov>
could answer best.
Cheers,
Alec
--
Alec J. S
feedback, after which we can formally the terms in the CWE
and CAPEC glossaries.
Are there any objections to this course of action? If not, I will send out
notes to the listservs by midweek.
Cheers,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer
all.
Cheers,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
MITRE - Solving Problems for a Safer World™
From: SJ Jazz
Date: Tuesday, July 12, 2022 at 4
are CWE
SIG<http://cwedev1-mcl.mitre.org/documents/HW_CWE_SIG.pdf> discussions
We are really excited about this release, and we look forward to you diving
into the new content. On behalf of the CWE Program, thank you for your
continued support.
Cheers,
Alec
--
Alec J. Summers
Center for S
Just a soft reminder on the scheduling poll below.
Thanks for all members that have responded to the poll already.
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
MITRE - Solving Problems for a Safer World™
Just a soft reminder that we will be holding our next quarterly CWE/CAPEC Board
meeting tomorrow afternoon from 2-4pm ET. Please let me know if you need me to
forward the meeting invite again.
Hope to see you there!
Best,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber
publish a new one at the same time.
Happy to talk more on this in advance of the Fall Board meeting. Looking
forward to the discussion!
Cheers,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
Kurt,
Please direct emails regarding submissions to
c...@mitre.org<mailto:c...@mitre.org>, not the Board email list.
Thank you.
Cheers,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integ
Board members,
Good morning - I hope you are all well.
I am forwarding a message from Kurt that inadvertently failed to proceed
through our listserv moderation process during the holiday week. Please see
below...
Cheers,
Alec
From: Seifried, Kurt
Sent:
updates on ICS-OT SIG activities.
The team is very happy to welcome both Rogue and Matt as they step into these
important roles.
Best,
Alec
--
Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
35 matches
Mail list logo
