How to Effectively Utilize Hardware CWEs Across your Organization The CWE/CAPEC Program partners with organizations around the world to further the program’s mission and objectives. The views and opinions expressed do not necessarily state or reflect those of the CWE/CAPEC Program, and any reference to a specific product, process, or…

The CWE/CAPEC Program partners with organizations around the world to further the program’s mission and objectives. …

On the CWE team, we know that identifying the root cause weakness of a vulnerability is not always a straight-forward and easy task. We also know that in order to do so, the CWE corpus must be as complete as possible so that each new CVE® record can reference at…

March 2022 is the 15th anniversary of Common Attack Pattern Enumerations and Classifications (CAPEC™). On this important milestone, we thought we would reflect on the development of the project and the plans for the future, with collaboration of the CAPEC community. The idea of a software design pattern had been…

If your project uses or implements regular expressions, you need to check them for a weakness that might allow an attacker to stop your program from working. Regular expressions, also known as regex, allow programmers to parse or replace text with a common notation. …

A special thanks to Adam Chaudry for his contribution to this blog. A Brief History of HTTP Boundary-Based Attacks Anyone familiar with modern telecommunications understands the fundamental importance of HTTP as the foundation for information exchange across the World Wide Web. HTTP supports the implementation of client-server connections that underpin…

The recent vulnerability in log4j (CVE-2021–44228), also called “Log4Shell,” has received a lot of attention because of how dangerous and widespread it is. Defenders in vulnerability management and incident response will likely be very busy with this one for a while. While Log4Shell has been a hot topic, there hasn’t…

If you are making hardware that will be relied on for calculations or that could impact lives or money, you need to make sure that these products can recover from a single event upset (SEU). …

Have you ever written a program where you were sure your math was right, but it came out wrong? Often, it’s not the math that is wrong. This is programmer error, not an error of rounding with the implementation. If you are doing calculations that count for lives or money…