I think that you are spot on, and people are sooner than
later going to be demanding that, as a by-product of our
shrinking economic reality.
Take this example (not to stir up a semantic pissing match):
"Insufficient Input Validation"
I get it. I understand the importance of it. But it is not
cl

In the past year or so, I've been of a growing mindset that one of the
hidden powers of CWE and other weakness/bug/vulnerability/attack
taxonomies would be in evaluating secure coding practices: if you do X and
Y, then what does that actually buy you, in terms of which vulnerabilities
are fixed or