Rob,
I believe it makes sense to update CWE-436 based on your suggestion. An
immediate question is whether the clarification belongs in the extended
description or the modes of introduction, although “Specification” is not
currently treated as a distinct SDLC phase within the XML schema
Steven,
Is there any room to update the description or extended description of CWE-436:
Interpretation Conflict to suggest specs or requirements may be at fault for
leaving certain behaviors up to the implementation that should not be, leaving
room for interpretation conflicts to occur and become
I would say it's a sliding scale with room for several CWEs:
At the "definite" end, someone implements the RFC incorrectly. I mean,
yeah, the output should look like X, it doesn't, therefore it's wrong.
At the maybe middle: there are common behaviors/consensus, like Rob's JSON
example,