SFPM 1.0b2 FTF

SFPM_ — Clarify relationship between SFP and CWE catalog

  • Key: SFPM_-3
  • Status: closed  
  • Source: KDM Analytics (Dr. Nikolai Mansourov)
  • Summary:

    From AB review by Pete Rivett, March 17 2020:
    9.1.1.4 states that the objective of SFP is to resolve problems with the CWE catalog maintained by Mitre. This does not seem a community way of working: why not report problems and get them fixed at source?

  • Reported: SFPM 1.0b1 — Tue, 15 Feb 2022 04:31 GMT
  • Disposition: Closed; No Change — SFPM 1.0b2
  • Disposition Summary:

    no need to further clarify

    SFP has been developed in close collaboration with CWE developers. CWE has published the SFP viewpoint. The ability to reference CWE is an integral part of the development process for SFP. There is a need to reference gaps and note inconsistencies as part of the SFP effort, because of the mapping to CWEs. This is all a snapshot in time; CWE can change, e.g. decide to address some of these issues, etc. The proposed mechanism is not the means to communicate with Mitre, but rather the means to organize the SFP mapping to CWE.

  • Updated: Tue, 9 Jan 2024 22:27 GMT