Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 1 May 2018 01:17:36 +0300
From: Alexander Popov <>
To: Kurt Seifried <>,
 oss-security <>
Cc: Kees Cook <>, "Serge E. Hallyn" <>,
 Brad Spengler <>, PaX Team <>,
 James Morris <>,
 "Reshetova, Elena" <>
Subject: Re: Re: Linux Kernel Defence Map

On 05.04.2018 02:55, Kurt Seifried wrote:
> Please use a CWE identifier if one exists (, if one
> doesn't exist perhaps we should have one (email me and I'm happy to help get
> that ball rolling). Having a CWE not only helps categorize things correctly but
> gives us something to point developers at for resources around flaws and how
> they can be avoided/dealt with/etc. 

Hello Kurt,

I've just added the corresponding CWE IDs to the vulnerability classes showed on
the map:

It think there is only one vuln class that misses a CWE ID -- Stack Depth
Overflow. We currently have CWE-674 (Uncontrolled Recursion), but it doesn't
cover the Stack Clash case, which also refers to Stack Depth Overflow.

Best regards,

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ