[cabfpub] Ballot 210: Misc. Changes to the Network and Certificate System Security Requirements
Tony Rutkowski
tony at yaanatech.com
Fri Dec 8 23:06:58 UTC 2017
Hi Ben,
It's a little late, but I noticed that the information
and link for the SANS Top 25 near the top of page 6
is broken and the text is grammatically incorrect. The
information is also considerably out of date.
CWE is a trademarked term of MITRE and they
created and maintain them. SANS simply promoted
them. The correct link is https://cwe.mitre.org/index.html
The text should probably read:
CWE™ List: A list of software weakness types undertaken as a
community initiative to capture the specific effects, behaviors,
exploit mechanisms, and implementation details. (Ref.
https://cwe.mitre.org/index.html) Mappings also exist to external
groupings such as a Top-N list. See, e.g., http://cwe.mitre.org/top25/
The definition of Vulnerability Scan also needs to be
updated to refer to the "CWE™ List" rather than SANS Top 25.
Whenever you next update the guide, the changes could
be made.
best,
tony