List: websecurity
Subject: Re: [WEB SECURITY] What's the differences between weakness and
From: Christian Heinrich <christian.heinrich () cmlh ! id ! au>
Date: 2011-11-20 8:41:12
Message-ID: CAGKxTURoVH41dsipmaB6kjVnM2Bz8wSYSpkJQk77pmHBd=DxEw () mail ! gmail ! com
Steve,
On Thu, Nov 10, 2011 at 3:30 PM, Steven M. Christey
<coley@rcf-smtp.mitre.org> wrote:
> A software weakness, as we use in CWE, is a property of
> software/systems that, under the right conditions, may permit
> unintended or unauthorized behavior. For example, if a routine does
> not perform input validation, then it *might* permit unintended or
> unauthorized behavior. (In the CWE world, we generally think of a CWE
> entry as a weakness "type.")
I prefer "vulture" i.e. a play on the words "vulnerability" and
"feature", which was suggested by Shawn Moyer and Nathan Hamiel at
Black Hat USA 2008 in their presentation "Satan is on my Friends
List: Attacking Social Networks".
--
Regards,
Christian Heinrich
http://cmlh.id.au/contact