oss-sec mailing list archives
Re: Re: Linux Kernel Defence Map
From: Alexander Popov <alex.popov () linux com>
Date: Tue, 1 May 2018 01:17:36 +0300
On 05.04.2018 02:55, Kurt Seifried wrote:
Please use a CWE identifier if one exists (https://cwe.mitre.org/), if one doesn't exist perhaps we should have one (email me and I'm happy to help get that ball rolling). Having a CWE not only helps categorize things correctly but gives us something to point developers at for resources around flaws and how they can be avoided/dealt with/etc.
Hello Kurt, I've just added the corresponding CWE IDs to the vulnerability classes showed on the map: https://github.com/a13xp0p0v/linux-kernel-defence-map It think there is only one vuln class that misses a CWE ID -- Stack Depth Overflow. We currently have CWE-674 (Uncontrolled Recursion), but it doesn't cover the Stack Clash case, which also refers to Stack Depth Overflow. Best regards, Alexander
Current thread:
- Linux Kernel Defence Map Alexander Popov (Apr 04)
- Re: Linux Kernel Defence Map Kees Cook (Apr 04)
- Re: Re: Linux Kernel Defence Map Kurt Seifried (Apr 04)
- Re: Re: Linux Kernel Defence Map Alexander Popov (Apr 30)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
- Re: Linux Kernel Defence Map Kees Cook (Apr 05)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
- Re: Linux Kernel Defence Map Kees Cook (Apr 05)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 06)
- Re: Re: Linux Kernel Defence Map Kurt Seifried (Apr 04)
- Re: Linux Kernel Defence Map Kees Cook (Apr 04)