[cabfpub] Ballot 210: Misc. Changes to the Network and Certificate System Security Requirements
tony at yaanatech.com
Fri Dec 8 16:06:58 MST 2017
It's a little late, but I noticed that the information
and link for the SANS Top 25 near the top of page 6
is broken and the text is grammatically incorrect. The
information is also considerably out of date.
CWE is a trademarked term of MITRE and they
created and maintain them. SANS simply promoted
them. The correct link is https://cwe.mitre.org/index.html
The text should probably read:
CWE™ List: A list of software weakness types undertaken as a
community initiative to capture the specific effects, behaviors,
exploit mechanisms, and implementation details. (Ref.
https://cwe.mitre.org/index.html) Mappings also exist to external
groupings such as a Top-N list. See, e.g., http://cwe.mitre.org/top25/
The definition of Vulnerability Scan also needs to be
updated to refer to the "CWE™ List" rather than SANS Top 25.
Whenever you next update the guide, the changes could