On 08/05/2013 02:03 PM, Josh Bressers wrote:
----- Original Message -----
Josh,
Is this what you are meaning to do?
http://cwe.mitre.org/
The standard seems robust... implementation is another discussion all
together.
The standard is probably too robust. CWE is great, but it's too big. I need
a list I can easily read and understand.
Plus it's a nice way for us all to bikeshed I mean discuss some of the
topics ;)
Thanks.
Did you have a particular use-case in mind for your list? Will you be
accessing this list programmatically or just for human consumption?
Perhaps a schema/classification skeleton we could start with? Do you
want a list of specific exploits/vulnerabilities (so you might start
with local and remote for example then drill down with stack exploits,
cross site injections etc) or just a list of the monikers of actual
exploits like "sasser", or something more like "social engineering",
"network", "program code"..."input validation", etc?
David
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
