-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add weakness enumeration to SPDX #102
Comments
Based on discussion in weekly call, defering this to 3.0 so it aligns better with base + security profile discussions. |
@jeff-schutt @puerco - is this in the current security profile? If not, should we add this to a 3.1 milestone? |
@goneall CWE is not there today, and it seems like a reasonable recommendation. Many security advisories link the CVE to a CWE. We can investigate further in the security profile. |
Per discussion in the security call today, Jeff is going to add |
Per discussion in the April 10 Security call, this commit adds cwe (common weakness enumeration) as an ExternalIdentifierType. Closes spdx/spdx-spec#102 Signed-off-by: Rose Judge <[email protected]>
Per discussion in the April 10 Security call, this commit adds cwe (common weakness enumeration) as an ExternalRefType. Closes spdx/spdx-spec#102 Signed-off-by: Rose Judge <[email protected]>
Per discussion in the April 10 Security call, this commit adds cwe (common weakness enumeration) as an ExternalRefType. Closes spdx/spdx-spec#102 Signed-off-by: Rose Judge <[email protected]>
In the SPDX general meeting on 6 Dec 2018, Mark Baushke requested we add the weakness enumeration in the SPDX security data: https://cwe.mitre.org/
The text was updated successfully, but these errors were encountered: