w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Update terminology in testing plan to be consistent with ITU terminology #124

Closed mmccool closed 5 years ago

mmccool commented 5 years ago

Summary of proposed changes to security testing doc:

- Vulnerability -> Weakness
- Exploitable Vulnerability -> Vulnerability

The two both have the identical definition for vulnerability.

The second one has the definition for weakness.


X.1520 Common vulnerabilities and exposures https://www.itu.int/rec/T-REC-X.1520

3.2.17 vulnerability: Any weakness in software that could be exploited to violate a system or the information it contains (based upon ITU-T X.1500).


X.1524 Common weakness enumeration https://www.itu.int/rec/T-REC-X.1524

3.2.17 vulnerability: Any weakness in software that could be exploited to violate a system or the information it contains (based upon [b-ITU-T X.1500]).

3.2.18 weakness: A shortcoming or imperfection in the software code, design, architecture, or deployment that, could, at some point become a vulnerability, or contribute to the introduction of other vulnerabilities.

mmccool commented 5 years ago

This really should have been an issue in wot-security-testing... oh well. At any rate, see PR https://github.com/w3c/wot-security-testing-plan/pull/6

mmccool commented 5 years ago

Done.