MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs

Dark Reading had the exclusive on reporting MITRE-led Common Weakness Enumeration (CWE) program’s latest release. The CWEs are the result of a collaborative effort among Intel, AMD, Arm, Riscure, and Cycuity and give processor designers and security practitioners in the semiconductor space a common language for discussing weaknesses in modern microprocessor architectures.

"CWEs ... are about the root causes that really make vulnerabilities possible," says Alec Summers, MITRE's CWE program lead. They encapsulate information on the one-to-many relationship between a single mistake a developer might make and the many hundreds of vulnerabilities that it can result in across products, Summers says. "The four new CWEs define mistakes in microarchitectural design and are the result of some really incredible collaboration among industry members that are competitors in some ways," he says.

Read the full article here.