Month: February 2025

Has CWE Jumped the Shark?

The Common Weakness Enumeration (CWE) is a MITRE run, community-developed list of common software and hardware weaknesses (Wikipedia Page). The project defines a “weakness” as “a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.” This taxonomy has several uses but they tend to…

February 21, 2025
Reason #283 Why InfoSec Has Failed

For those familiar with my social media, you know that I have frequently said that our industry is failing the commons. InfoSec represents a huge market, companies get paid exorbitant amounts of money, salaries can border on the ridiculous, and the concept of researchers being famous for their work is still alive. Meanwhile, vulnerabilities are…

February 8, 2025

Has CWE Jumped the Shark?