OWASP / Top10

Official OWASP Top 10 Document Repository

A06:2021 - Vulnerable and Outdated Components - CVE mapped to CWE typo in overview #678

Closed nhumblot closed 2 years ago

nhumblot commented 2 years ago

Overview of A06:2021 on master is the following:

It was #2 from the Top 10 community survey but also had enough data to make the Top 10 via data. Vulnerable Components are a known issue that we struggle to test and assess risk and is the only category to not have any Common Weakness Enumerations (CWEs) mapped to the included CWEs, so a default exploits/impact weight of 5.0 is used. Notable CWEs included are CWE-1104: Use of Unmaintained Third-Party Components and the two CWEs from Top 10 2013 and 2017.

Shouldn't it be:

is the only category not to have any Common Vulnerability and Exposures (CVEs) mapped to the included CWEs

?

This proposed wording is taken from 2021/docs/index.md and looks much more appropriate than the current sentence in A06.