MITRE Updates List of 25 Most Dangerous Software Vulnerabilities

November 21, 2024 at 08:45AM

MITRE has updated its CWE Top 25 Most Dangerous Software Weaknesses list, highlighting cross-site scripting (XSS) as the most critical vulnerability. The announcement was featured in a post on SecurityWeek.

**Meeting Notes Takeaways:**

1. **Update Release:** MITRE has published an updated list of the CWE Top 25 Most Dangerous Software …

CISA Announces CVE Enrichment Project ‘Vulnrichment’

May 9, 2024 at 08:57AM

The US cybersecurity agency, CISA, has launched the Vulnrichment project to enhance CVE records with CPE, CVSS, CWE, and KEV data. The project aims to prioritize remediation efforts, spot trends, and prompt vendors to address entire classes of vulnerabilities. CISA has enriched 1,300 CVEs and encourages all CNAs to offer …

MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs

February 29, 2024 at 02:28PM

The MITRE-led CWE program added four new microprocessor-related weaknesses, including exposure of sensitive information during transient execution and data leaks tied to microarchitectural structures and incorrect data forwarding. These vulnerabilities help processors address major issues like Meltdown and Spectre and contribute to a common language for discussing microprocessor weaknesses in …

US Gov Says Software Measurability is ‘Hardest Problem to Solve’

February 27, 2024 at 03:27PM

The US government is urging software manufacturers to release timely, comprehensive documentation of security vulnerabilities to enhance efforts in measuring code quality and safety. The White House emphasizes the need for long-term investment incentives and the adoption of memory-safe programming languages to improve cybersecurity across the digital ecosystem. This industry-wide …