SFPM 1.0b2 FTF Avatar
  1. OMG Issue

SFPM_ — Clarify terminology between "weakness"/"vulnerability" and "fault"

Open Closed All
  • Key: SFPM_-1
  • Status: open  
  • Source: KDM Analytics ( Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett March 17 2020:
    there is a further confusion between “weakness”/”vulnerability” and “fault”.
    It seems to me they are different – a plain fault (aka bug) resulting in the software not acting according to its spec is not necessarily an exploitable weakness.
    It seems to me the spec is all about weaknesses, not faults (bugs). That also ties in with the language around CWE which this spec is based on. Use of “fault” should be avoided.
  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:26 GMT
  • Updated: Sun, 20 Feb 2022 14:53 GMT