Security Stack Mappings – Hardware-Enabled Defense
The Security Stack Mappings – Hardware-Enabled Defense project demonstrates full stack threat-informed defense, from the hardware board to the …
June 21, 2024
Project Summary
The software industry is faced with managing large numbers of software weaknesses (commonly identified by static-scanning tools using CWE ID reference), alongside large numbers of software vulnerabilities (CVEs), which all sit across many assets with differing security requirements. The calculator enables software development teams to score and prioritize discovered weaknesses empirically based on data in the National Vulnerability Database (NVD).
Problem
Without a common system of comparison across software weaknesses (CWEs) and software vulnerabilities (CVEs) that factors in environmental context, engineering teams cannot effectively prioritize their work, and thus waste cycles on wrong things while they miss opportunities to secure systems.
Solution
The CWE with Environmental CVSS Calculator will provide output that effectively enables a CWE in a specified environment to be priority ranked against a CVE in the same or different environment.
Impact
Software development teams will focus their limited resources on addressing the most dangerous issues.
Funding Research Participants
Explore More of Our Work:
Summiting the Pyramid
Summiting the Pyramid (STP) creates a methodology to score analytics against the pyramid of pain, helping defenders create more robust detections …
Secure AI
A collaboration with MITRE ATLAS™ to advance security for AI–enabled systems that takes a threat-informed approach, enables rapid exchange of new …
Stay Informed
Sign up for the Center's "Stay Informed" newsletter to get notified for new project releases and upcoming events.