A2:2021 contains CWE-259 in overview, however is member of A7:2021 #717

Open
hanstdam opened this issue Apr 28, 2022 · 1 comment

@hanstdam

Hi

I was surprised to read A2:2021 where CWE-259: Use of Hard-coded Password is mentioned as a notable CWE in the overview, however CWE-259 does not appear in the List of Mapped CWEs section.

It turns out that CWE-259 is a member of A7:2021.

I feel like either the membership of CWE-259 should change from A7:2021 to A2:2021, or the overview text of A2:2021 should be changed to not include CWE-259.

I'm really sorry if I'm missing something obvious. I was just confused by this discrepancy and I'd be happy to help correct it.

@hanstdam
Author

I see that PR #658 has been created to add CWE-259 to A2:2021 list of mapped CWEs. However, it seems like a partial solution, since CWE-259 is still part of A7:2021 list of mapped CWEs.

4 participants
@hanstdam @sslHello @infosecdad and others