[Owasp-leaders] Top 10 Call for Data

Eoin Keary eoin.keary at owasp.org
Tue May 24 16:34:38 UTC 2016

Hi David,
in relation to crypto

CWE-310 and CWE-326, the differences are open to interpretation.

Comment on site (cwe.mitre.org)

This category is incomplete and needs refinement, as there is good
documentation of cryptographic flaws and related attacks.

Relationships between CWE-310
<https://cwe.mitre.org/data/definitions/310.html>, CWE-326
<https://cwe.mitre.org/data/definitions/326.html>, and CWE-327
<https://cwe.mitre.org/data/definitions/327.html> and all their children
need to be reviewed and reorganized.

Should we not remove one of them and bunch everything under 1 heading?


OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160524/d5455193/attachment-0001.html>

More information about the OWASP-Leaders mailing list