通用缺陷列表(CWE) |
|
本建议书涉及通用缺陷列表(CWE)的使用,提供了一种用于交流信息安全缺陷的结构化手段,其中包含了通信网络、最终用户设备或任何其它类型能够运行软件的信息通信技术使用的商业或开源软件中已知问题的通用名称。CWE的目标是使人们实现更有效地讨论、描述、选择和使用能够在源代码和操作系统中发现这些缺陷的软件安全工具和服务,以及更好地了解和管理与架构和设计相关的软件缺陷。本建议书定义了CWE的使用,提供了一种能使软件安全工具、服务、知识库和其它功能同时使用的机制,方便了安全工具和服务的比较。CWE还提供了有关可能出现的风险、影响、修复程序信息的背景信息,以及有关软件缺陷可能对软件系统产生的影响的详细技术资料。 |
|
Citation: |
https://handle.itu.int/11.1002/1000/11374 |
Series title: |
X series: Data networks, open system communications and security X.1500-X.1599: Cybersecurity information exchange X.1520-X.1539: Vulnerability/state exchange |
Approval date: |
2012-03-02 |
Provisional name: | X.cwe |
Approval process: | TAP |
Status: |
In force |
Maintenance responsibility: |
ITU-T Study Group 17 |
Further details: |
Patent statement(s)
Development history
|
|
|
Ed. |
ITU-T Recommendation |
Status |
Summary |
Table of Contents |
Download |
1
|
X.1524 (03/2012)
|
In force
|
here
|
here
|
here
|
Title |
Approved on |
Download |
Guidelines for identity-based cryptosystems used for cross-domain secure communications
|
2023
|
here
|
Overview of hybrid approaches for key exchange with quantum key distribution
|
2022
|
here
|
Guidelines for security management of using artificial intelligence technology
|
2022
|
here
|
Successful use of security standards (2nd edition)
|
2020
|
here
|
Description of the incubation mechanism and ways to improve it
|
2020
|
here
|
Strategic approaches to the transformation of security studies
|
2020
|
here
|
|