Date: Tue, 1 May 2018 01:17:36 +0300 From: Alexander Popov <alex.popov@...ux.com> To: Kurt Seifried <kseifried@...hat.com>, oss-security <oss-security@...ts.openwall.com> Cc: Kees Cook <keescook@...omium.org>, "Serge E. Hallyn" <serge@...lyn.com>, Brad Spengler <spender@...ecurity.net>, PaX Team <pageexec@...email.hu>, James Morris <jmorris@...ei.org>, "Reshetova, Elena" <elena.reshetova@...el.com> Subject: Re: Re: Linux Kernel Defence Map On 05.04.2018 02:55, Kurt Seifried wrote: > Please use a CWE identifier if one exists (https://cwe.mitre.org/), if one > doesn't exist perhaps we should have one (email me and I'm happy to help get > that ball rolling). Having a CWE not only helps categorize things correctly but > gives us something to point developers at for resources around flaws and how > they can be avoided/dealt with/etc. Hello Kurt, I've just added the corresponding CWE IDs to the vulnerability classes showed on the map: https://github.com/a13xp0p0v/linux-kernel-defence-map It think there is only one vuln class that misses a CWE ID -- Stack Depth Overflow. We currently have CWE-674 (Uncontrolled Recursion), but it doesn't cover the Stack Clash case, which also refers to Stack Depth Overflow. Best regards, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.