CyberSecAI / CWEMap

Apache License 2.0

Get Known Good CVE CWE Mappings #3

Closed Crashedmind closed 2 months ago

Crashedmind commented 2 months ago

Description, Use Case and User Stories

CWE team to provide Known Good CVE CWE Mappings e.g. from Top 25.

These are used to augment the corpus and improve the LLM responses. Currently the CWE list ObservedExamples are used (there are ~3K of these, but they are spread unevenly across the CWE IDs).

Definition of Ready

  1. The people who will lead this effort are identified and interested and committed.
  2. The Known Good CVE CWE Mappings are agreed.

Acceptance Criteria

  1. The Known Good CVE CWE Mappings are shared.

Additional context

  1. Additionally/Separately, it is possible to identify good/bad CWE mappings automatically à la https://cybersecai.github.io/Vulnrichment/Vulnrichment/, but some level of human review should still be done.