Kate, Gary, et. al This caught my eye, a suggestion that security CWE model encapsulate Improper Licensing risk
http://making-security-measurable.1364806.n2.nabble.com/Request-for-CWE-Improper-Licensing-UNCLASSIFIED-td7589656.html Historically, CWE (Common Weakness Enumeration) is about all the different ways software may be vulnerable / exploitable to security risks. The suggestion that the CWE model also consider ‘Improper Licensing’ as an exploitable ‘weakness’ is interesting. Bill
_______________________________________________ Spdx-tech mailing list Spdx-tech@lists.spdx.org https://lists.spdx.org/mailman/listinfo/spdx-tech
