-
We have a model near finished for predicting CWEs for a CVE. We'll want to add CWEs as part of the characteristics for each CVE.
Since this uses a different model, it'd make most sense just to have it…
-
Currently we only have CWE ids. For users it is often handy to see what weakness is linked without having to click on it. In Mapanalysis especially.
We have titles (Sectionnames) for many standards.…
-
Clear up these gosec warnings, especially the SEVERITY:MEDIUM ones
### Setup
1. Create firebase dev site for testing
2. Install gosec
```
go install github.com/securego/gosec/v2/cmd/gosec@la…
```
-
test plaintext passwords
-
Please look into.
-
Description of the bug:
---------------------------
After I used Cppcheck to perform static analysis of the source code of Redis, I discovered the following error:
CWE 664 : "va_list ‘_cpy’ used bef…
-
Test test test
-
Hi!
I am doing research on many different SAST applications for the final project of my cybersecurity master's, and I've reached VCG. After some tests, I wanted to have an OWASP Benchmark of this too…
-
Hi
I was surprised to read A2:2021 where [*CWE-259: Use of Hard-coded Password* is mentioned as a notable CWE](https://github.com/OWASP/Top10/blob/fb884b3e8a77c65e61824e99ac62ce456ae20628/2021/docs…
-
This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20).
LABEL: Bug …