2012

CWE Compatibility for Red Hat

Info

This post was also published at https://access.redhat.com/blogs/766093/posts/1975773.

Red Hat is pleased to announce it has attained Common Weakness Enumeration (CWE) compatibility.

The CWE Compatibility and Effectiveness Program is a formal review and evaluation process for declaring products and services as “CWE-Compatible” and “CWE-Effective”. For the last few months, Red Hat was engaged in the CWE Compatibility and Effectiveness Program and worked towards fulfilling its requirements. These requirements included providing a common language for discussing, identifying, and dealing with the causes of vulnerabilities in our products.

CWE Risk Assessment Report for Red Hat

Info

This post was also published at https://access.redhat.com/blogs/766093/posts/1975723.

Common Weakness Enumeration (CWE) is a dictionary or formal list of common software weaknesses. It is a common language or taxonomy for describing vulnerabilities and weaknesses; a standard measurement for software assurance tools and services’ capabilities; and a base for software vulnerability and weakness identification, mitigation, and prevention.

CWE Coverage for Red Hat Customer Portal

Info

The contents of this post are now part of the Red Hat Customer Portal as a Knowledgebase article.

Info

This post was also published at https://access.redhat.com/blogs/766093/posts/1975963.

CWE has different views for different audiences and purposes. In the early stages of development, CWE had only one hierarchical representation, from which the current Development Concepts View (or Development View) originated. CWE is currently organized in two main views: Development Concepts (CWE-699) and Research Concepts (CWE-1000).

CWE Compatibility for Red Hat Customer Portal

Info

The contents of this post are now part of the Red Hat Customer Portal as a Knowledgebase article.

Info

This post was also published at https://access.redhat.com/blogs/766093/posts/1975953.

We are currently engaged in the CWE Compatibility and Effectiveness Program and are working towards fulfilling its requirements for using CWE in our CWE risk assessment process, which aims to identify and eliminate the most dangerous software errors and weaknesses in our products. The CWE Compatibility and Effectiveness Program is a formal review and evaluation process for declaring products and services as “CWE-Compatible” and “CWE-Effective”.

CWE Risk Assessment for Red Hat

Info

This post was also published at https://access.redhat.com/blogs/766093/posts/1975943.

CWE risk assessment is a process for identifying and eliminating some of the most dangerous and potentially exploitable weaknesses in your existing products and projects.

Some well-known secure software development methodologies group their security practices into phases, from training to response. However, your main product may already be in the response phase without having been developed under a secure software development methodology. This is often the case for open source software vendors, where training upstream developers for the development of their software is not always viable. This is where the CWE risk assessment can help.