[cabfpub] Ballot 210: Misc. Changes to the Network and Certificate System Security Requirements

Tony Rutkowski tony at yaanatech.com
Fri Dec 8 16:06:58 MST 2017


Hi Ben,

It's a little late, but I noticed that the information
and link for the SANS Top 25 near the top of page 6
is broken and the text is grammatically incorrect.  The
information is also considerably out of date.

CWE is a trademarked term of MITRE and they
created and maintain them.  SANS simply promoted
them.  The correct link is https://cwe.mitre.org/index.html

The text should probably read:

    CWE™ List: A list of software weakness types undertaken as a
    community initiative to capture the specific effects, behaviors,
    exploit mechanisms, and implementation details. (Ref.
    https://cwe.mitre.org/index.html)  Mappings also exist to external
    groupings such as a Top-N list.  See, e.g., http://cwe.mitre.org/top25/


The definition of Vulnerability Scan also needs to be
updated to refer to the "CWE™ List" rather than SANS Top 25.

Whenever you next update the guide, the changes could
be made.

best,
tony