Automated Source Code Security Measure — Closed Issues

  • Acronym: ASCSM
  • Issues Count: 44
  • Description: Issues resolved by a task force and approved by Board

Issues Summary

| Key | Issue | Reported | Fixed | Disposition | Status |
|---|---|---|---|---|---|
| ASCSM-91 | reorder CWEs numerically | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-89 | Add CISQ Appendix | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-87 | Shorten references | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-85 | Replace SMM representation with derived measures | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-83 | Add functional density calculation | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-81 | Expand calculation description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-79 | Replace CWE-327 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-75 | Replace CWE-798 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-73 | Replace CWE-131 description and change number | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-71 | Replace CWE-772 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-2 | Change section 8 and add section 9 to be consistent with other CISQ measure specs | ASCSM 1.0b1 | ASCSM 1.0 | Closed; Out Of Scope | closed |
| ASCSM-1 | Change out section 7 | ASCSM 1.0b1 | ASCSM 1.0 | Closed; Out Of Scope | closed |
| ASCSM-57 | Replace CWE-434 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-55 | Change CWE-754 CISQ-10 to CWE-397 and replace text | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-53 | Split CWE-754 and replace CISQ-11 with CWE 396 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-51 | Replace CWE-754 description and change CWE # | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-47 | Replace CWE-134 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-45 | Replace CWE-129 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-43 | Replace CWE-119 description and correct CWE number | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-41 | Replace CWE-89 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-36 | Replace description of CWE-78 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-34 | Replace CWE-22 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-26 | Add abbreviated terms to section 5 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-24 | Add more terms from this measure to section 4 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-20 | Add 'objective' to conformance criteria | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-77 | Replace CWE-834 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-69 | Replace CWE-706 description and change number | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-67 | Replace CWE-681 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-65 | Replace CWE-672 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-63 | Replace CWE-667 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-61 | Replace CWE-834 description and change CWE number | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-59 | Replace CWE-456 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-49 | Replace CWE-327 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-39 | Replace CWE-79 description | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-32 | Add introduction to section 7. | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-30 | Eliminate all sub-patterns | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-28 | Insert revised Table 1 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-22 | Eliminate section 3.2 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-18 | Eliminate section 2.1 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-15 | Add section on using the measure | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-13 | Insert new section 1.4 for structural information | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-11 | Shorten section 1.3 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-9 | Shorten section 1.2 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |
| ASCSM-7 | Shorten and revise section 1.1 | ASCSM 1.0b1 | ASCSM 1.0 | Resolved | closed |

Issues Descriptions

reorder CWEs numerically

  • Key: ASCSM-91
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    reorder sequence of CWEs to be in numerical order

  • Reported: ASCSM 1.0b1 — Sat, 8 Aug 2015 04:02 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    reordered CWEs numerically

    Reordered CWEs in the document to be in numerical order by CWE number

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Add CISQ Appendix

  • Key: ASCSM-89
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Add an Appendix describing CISQ

  • Reported: ASCSM 1.0b1 — Sat, 8 Aug 2015 01:54 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Added CISQ appendix

    Added Appendix A: CISQ with a description of CISQ

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Shorten references

  • Key: ASCSM-87
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Shorten the reference section to only those related to the text and remove those whose text was deleted in revisions.

  • Reported: ASCSM 1.0b1 — Sat, 8 Aug 2015 01:50 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    References shortened

    Eliminated references no longer referenced in the text.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace SMM representation with derived measures

  • Key: ASCSM-85
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace SMM representation since the charts are hard to read and do not add useful information beyond the accompanying SMM code. Add a section indicating additional ways the Security measure can be weighted to derive new measures.

  • Reported: ASCSM 1.0b1 — Sat, 8 Aug 2015 01:45 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced section 9

    Replaced the SMM representation with a list of derived measures.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Add functional density calculation

  • Key: ASCSM-83
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Add a description of how to calculate functional density of security violations

  • Reported: ASCSM 1.0b1 — Sat, 8 Aug 2015 01:39 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Added functional density calculation

    Added functional density calculation of security violations by dividing by Automated Function Points.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Expand calculation description

  • Key: ASCSM-81
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Revise and expand the description of the measure calculation

  • Reported: ASCSM 1.0b1 — Sat, 8 Aug 2015 01:34 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    expanded calculation description

    expanded the calculation description by several paragraphs

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-327 description

  • Key: ASCSM-79
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-327 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Sat, 8 Aug 2015 01:28 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE- description

    Replaced description of CWE-327 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-798 description

  • Key: ASCSM-75
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-798 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 21:09 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE-798 description

    Replaced description of CWE-798 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-131 description and change number

  • Key: ASCSM-73
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-131 with KDM- & SPMS-based representation and change number to CWE-789 since it provides the more common and case for this violation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 21:03 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE- description and changed number

    Replaced description of CWE-131 with KDM- & SPMS-based representation and changed number to CWE-789 because it represents the more general case.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-772 description

  • Key: ASCSM-71
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-772 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 20:51 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE-772 description

    Replaced description of CWE-772 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Change section 8 and add section 9 to be consistent with other CISQ measure specs


Change out section 7


Replace CWE-434 description

  • Key: ASCSM-57
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-434 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 00:46 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-434 description

    Replaced description of CWE-434 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Change CWE-754 CISQ-10 to CWE-397 and replace text

  • Key: ASCSM-55
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Split CWE-754 and change the CISQ 10 part to CWE-397 which is much more descriptive of failing to throw generic exceptions. Replace the description with a KDM- and SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 00:17 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Change CWE-754 to CWE-397 and replace text

    Changed the CWE number from 754 to 397. Replaced description with KDM- and SPMS-based representations.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Split CWE-754 and replace CISQ-11 with CWE 396

  • Key: ASCSM-53
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Shift from CWE-754 to CWE-396 which is specific for missing generic exceptions. Replace description with KDM- and SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 00:09 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Split CWE-754 and replace CISQ-11 with CWE 396

    Changed CWE # to 396 and replaced description with KDM- and SPMS-based representations

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-754 description and change CWE #

  • Key: ASCSM-51
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-745 with KDM- & SPMS-based representation. Change the CWE # to 252 since this is the more standard and common version of failing to check for unusual or exceptional conditions and is better explained for automation.

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 23:58 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-754 description and change number

    Replace description of CWE-754 with KDM- & SPMS-based representation and change CWE number.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-134 description

  • Key: ASCSM-47
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-134 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 19:13 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-134 description

    Replace description of CWE-134 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-129 description

  • Key: ASCSM-45
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-129 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 19:08 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-129 description

    Replace description of CWE-129 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-119 description and correct CWE number

  • Key: ASCSM-43
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-119 with KDM- & SPMS-based representation and correct the number from 119 to 120.

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 19:04 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-119 description and correct CWE number

    Replace description of CWE-119 with KDM- & SPMS-based representation and renumbered to CWE-120

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-89 description

  • Key: ASCSM-41
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-89 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 18:51 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-89 description

    Replace description of CWE-89 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace description of CWE-78

  • Key: ASCSM-36
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-78 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 17:50 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace description of CWE-78

    Replace description of CWE-78 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-22 description

  • Key: ASCSM-34
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace CWE-22 description with KDM- & SPMS-based representation

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 17:44 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced description of CWE-22

    Replaced description of CWE-22 with KDM- & SPMS-based representation

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Add abbreviated terms to section 5

  • Key: ASCSM-26
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Add KDM and change IPMSS to SPMS.

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 22:15 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Made changes to section 5

    Added KDM to the list. Changed IPMSS to SPMS.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Add more terms from this measure to section 4

  • Key: ASCSM-24
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Add definitions for software security, violation, CWE, quality characteristic.

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 22:06 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Added definitions

    Found additional terms in the specification that needed definition and added these to section 4. E.g., CWE, violation, software security, etc.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Add 'objective' to conformance criteria

  • Key: ASCSM-20
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Added a bullet on 'objective' as a criterion for conformance with a description of its attributes. Eliminated subsection numbers since there is now only one section. Took 'compliance' out of the title since this is now only about conformance.

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 21:51 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Reworked section 2

    Add bullet for 'objective' as a conformance criterion. Eliminate subsection numbers. Eliminate 'Compliance' from title.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-834 description

  • Key: ASCSM-77
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-834 with KDM- & SPMS-based representation and change number to CWE-835 for infinite loop conditions

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 21:24 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-834 description and changed number to CWE-835

    Replace description of CWE-835 with KDM- & SPMS-based representation and changed number to CWE-835 which is the more general case for infinite loop conditions.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-706 description and change number

  • Key: ASCSM-69
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-706 with KDM- & SPMS-based representation and change number to CWE-99 since it describes the more general and inclusive case of this violation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 20:41 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE-706 description and change number

    Replaced description of CWE-706 with KDM- & SPMS-based representation and changed the number to CWE-99 since that provides the more common and inclusive case of this violation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-681 description

  • Key: ASCSM-67
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-681 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 20:05 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE-681 description

    Replaced description of CWE-681 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-672 description

  • Key: ASCSM-65
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-672 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 20:01 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE-672 description

    Replaced description of CWE-672 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-667 description

  • Key: ASCSM-63
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-667 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 19:56 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-667 description

    Replace description of CWE-667 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-834 description and change CWE number

  • Key: ASCSM-61
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-834 with KDM- & SPMS-based representation. Change CWE number to 606 since this CWE provides a clearer description of the violation for an unchecked range of input to a loop.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 19:51 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE-834 description and changed number

    Replaced description of CWE- with KDM- & SPMS-based representation and changed number to CWE-606

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-456 description

  • Key: ASCSM-59
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-456 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Fri, 7 Aug 2015 19:40 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replaced CWE-456 description

    Replaced description of CWE-456 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-327 description

  • Key: ASCSM-49
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-327 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 19:44 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-327 description

    Replace description of CWE-327 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Replace CWE-79 description

  • Key: ASCSM-39
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Replace description of CWE-79 with KDM- & SPMS-based representation.

  • Reported: ASCSM 1.0b1 — Thu, 6 Aug 2015 18:44 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Replace CWE-79 description

    Replaced description of CWE-79 with KDM- & SPMS-based representation.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Add introduction to section 7.

  • Key: ASCSM-32
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Add an introduction to section 7 to explain the representation meta-models used and how to read and interpret the patterns.

  • Reported: ASCSM 1.0b1 — Wed, 5 Aug 2015 16:44 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Insert intro to section 7.

    Introductory sub-section added (7.1) to describe KDM, SPMS, and how to read and interpret the security patterns. Included Table 2 showing KDM representations of elements composing the CWEs. Added 'category definition' section (7.2) since it is needed as part of an SPMS model.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Eliminate all sub-patterns

  • Key: ASCSM-30
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Eliminate all sub-patterns as they are no longer needed.

  • Reported: ASCSM 1.0b1 — Wed, 5 Aug 2015 16:36 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Eliminate all sub-patterns

    Delete all text related to sub-patterns as they are no longer needed with the addition of KDM elements.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Insert revised Table 1

  • Key: ASCSM-28
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Insert revised Table 1 with an additional column. The revised columns should be: Security Pattern, Consequence, Objective, and Measure Element.

  • Reported: ASCSM 1.0b1 — Wed, 5 Aug 2015 16:26 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Inserted revised table 1.

    Revised table 1 to go from 3 to 4 columns and to provide better brief explanations of the measure element using KDM in SPMS patterns, and a consequence of the pattern. Relabeled the columns. Revised intro paragraph to be consistent with table 1

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Eliminate section 3.2

  • Key: ASCSM-22
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Eliminate non-normative references from this section

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 21:59 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Eliminate section 3.2

    removed non-normative references from section 3.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Eliminate section 2.1

  • Key: ASCSM-18
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Eliminate section 2.1 since it is extraneous material that does not discuss how to conform to this specification.

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 21:43 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Eliminated section 2.1

    Deleted section

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Add section on using the measure

  • Key: ASCSM-15
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Add a section 1.6 Using and Improving This Measure

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 21:32 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Created new section 1.6

    Added section 1.6 Using and Improving This Measure

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Insert new section 1.4 for structural information

  • Key: ASCSM-13
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Insert new section 1.4 to contain all information about the structure of the measure. Renumber the CWE/SANS Top 25 Weaknesses section to become 1.5

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 21:24 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Created new section 1.4

    Inserted new section 1.4 to incorporate all structural information about the measure. Renumbered old section 1.4 CWE/SANS Top 25 Weaknesses to become section 1.5.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Shorten section 1.3

  • Key: ASCSM-11
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Shorten section 1.3 and focus it only on the process through which the measure was created.

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 21:14 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Shortened section 1.3

    Moved the structural description material to section 1.4 and shortened the section to focus only on the process through which CISQ created the measure.

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Shorten section 1.2

  • Key: ASCSM-9
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Shorten section 1.2 to provide briefer overview of quality characteristic measurement that is focused on the type of measure proposed.

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 20:57 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Shortened Section 1.2

    Consolidated the overview material and eliminated unnecessary explanation

  • Updated: Tue, 22 Dec 2015 15:03 GMT

Shorten and revise section 1.1

  • Key: ASCSM-7
  • Status: closed  
  • Source: CAST Software ( Bill Curtis [X] (Inactive))
  • Summary:

    Shorten section to a single paragraph that is revised to cover only the purpose of the measure

  • Reported: ASCSM 1.0b1 — Tue, 4 Aug 2015 20:40 GMT
  • Disposition: Resolved — ASCSM 1.0
  • Disposition Summary:

    Shortened and revised 1.1

    First paragraph revised to focus only on the purpose of the measure. The remainder of the old section moved to revised section 1.4

  • Updated: Tue, 22 Dec 2015 15:03 GMT