OWASP / Top10

Official OWASP Top 10 Document Repository

A2:2021 contains CWE-259 in overview, however is member of A7:2021 #717

Open hanstdam opened 2 years ago

hanstdam commented 2 years ago

Hi

I was surprised to read A2:2021 where CWE-259: Use of Hard-coded Password is mentioned as a notable CWE in the overview, however CWE-259 does not appear in the List of Mapped CWEs section.

It turns out that CWE-259 is a member of A7:2021.

I feel like either the membership of CWE-259 should change from A7:2021 to A2:2021, or the overview text of A2:2021 should be changed to not include CWE-259.

I'm really sorry if I'm missing something obvious. I was just confused by this discrepancy and I'd be happy to help correct it.

hanstdam commented 2 years ago

I see that PR https://github.com/OWASP/Top10/pull/658 has been created to add CWE-259 to A2:2021 list of mapped CWEs. However, it seems like a partial solution, since CWE-259 is still part of A7:2021 list of mapped CWEs.