Comments (2)
This was to match what NVD used for CVMAP matching.
i.e., if a CNA picked a more accurate CWE but it was not in NVD's vocabulary, the CNA would get a mismatch (-ve points).
If CVMAP changes their list, we can sync to that.
from vulnogram.
@chandanbn Sorry, may you please expand on your explanation a little bit more?
I see no requirement in the CNA Rules v4.0 (latest published) that relates to using CWEs that exist in the NVD CVMAP matching defined by CWE-1003 (the subset used by NVD).
Is cwe-frequent.json intended to be exactly CWE-1003 to, by default, support CNAs participating in CVMAP?
If that is the case then I would note that cwe-frequent.json contains one extra CWE, "CWE-122: Heap-based buffer overflow" which is not in the CVMAP list?
I'm just trying to understand the outcome of having the frequent list be the minimal list.