On Tue, 9 Sep 2008, paulslewis66 wrote:
> May I ask if CWE references will be included within the XML CVE feeds in
> a similar way the searchable database is?
We do not track CWE references within CVE. You're probably talking about
NIST's NVD (nvd.nist.gov), which is an extension of CVE. NVD has been
mapping to CWE on individual pages, but it is not yet included in their
downloads. However, NVD has stated that they will start including CWE
names in the downloads within a matter of weeks.
For those who were not aware of NVD's use of CWE, see:
http://nvd.nist.gov/cwe.cfmThe current selection of CWE identifiers used in NVD faces many of the
same issues that have been brought up by Information-technology Promotion
Agency, Japan (IPA), specifically that sometimes you can't assign CWE
identifiers when you are dealing with incomplete third-party vulnerability
information. We are aware of this limitation and hope to address it in
the coming months.
- Steve
