fix: replace CWE category entries with proper weakness CWEs #18

Open: tmendo wants to merge 1 commit into main from fix/cwe-category-mappings

Contributor

@tmendo tmendo commented May 17, 2026

Summary

  • 37 vulnerability definition markdown files reference MITRE Category CWEs instead of Weakness CWEs — categories are prohibited for vulnerability mapping
  • Updates CWE ID and CWE NAME fields in each affected file

| Old CWE | New CWE | Files |
|---|---|---|
| CWE-1035 (OWASP 2017 A9) | CWE-1395 — Dependency on Vulnerable Third-Party Component | 28 |
| CWE-16 (Configuration) | CWE-1004 / CWE-693 / CWE-295 / CWE-299 | 6 |
| CWE-264 (Permissions) | CWE-757 / CWE-400 | 2 |
| CWE-310 (Crypto Issues) | CWE-326 — Inadequate Encryption Strength | 1 |

Test plan

  • Verify no remaining references to CWE-1035, CWE-16, CWE-264, or CWE-310 in any .md file
  • Spot-check a few files to confirm CWE NAME matches the new CWE ID

CWE-1035, CWE-16, CWE-264, and CWE-310 are MITRE Category entries,
not Weakness entries — prohibited for vulnerability mapping.

- 28 files: CWE-1035 (OWASP 2017 A9) → CWE-1395
- 6 files: CWE-16 (Configuration) → CWE-1004/693/295/299
- 2 files: CWE-264 (Permissions) → CWE-757/400
- 1 file: CWE-310 (Crypto Issues) → CWE-326

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tmendo tmendo requested a review from a team as a code owner May 17, 2026 17:13
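
The first test-plan check above, written as a script (an added example, not part of this pull request or the project's code). It matches each category ID exactly, so `CWE-16` does not fire on `CWE-160` or on the replacement `CWE-1004`; the sample files and their field layout are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Category IDs named in the PR's test plan.
CATEGORY_IDS = ("1035", "16", "264", "310")

# Exact-ID match: the lookahead rejects longer IDs such as CWE-160 or CWE-3100.
CATEGORY_RE = re.compile(r"\bCWE-(?:%s)(?!\d)" % "|".join(CATEGORY_IDS), re.IGNORECASE)


def find_category_refs(root):
    """Return (relative path, line number, matched ID) for every hit in *.md files."""
    hits = []
    root = Path(root)
    for path in sorted(root.rglob("*.md")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in CATEGORY_RE.finditer(line):
                hits.append((path.relative_to(root).as_posix(), lineno, m.group(0).upper()))
    return hits


def build_sample_tree(root):
    """Constructed sample files; the field layout is an assumption, not the repository's format."""
    root = Path(root)
    (root / "sub").mkdir(parents=True, exist_ok=True)
    (root / "fixed.md").write_text("CWE ID: CWE-1004\nCWE NAME: (constructed)\n", encoding="utf-8")
    (root / "stale.md").write_text("CWE ID: CWE-16\nCWE NAME: Configuration\n", encoding="utf-8")
    (root / "sub" / "mixed.md").write_text("See CWE-1395 (was CWE-1035).\nAlso cwe-3100.\n", encoding="utf-8")
    (root / "notes.txt").write_text("CWE-264\n", encoding="utf-8")  # not .md, so out of scope


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, lineno, cwe in find_category_refs(tmp):
            print(f"{rel}:{lineno}: {cwe}")
```

An empty result from `find_category_refs` on the repository root is the pass condition for the first test-plan item.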