Closed
Labels: bug (Something isn't working), content/semantic (Changes to the semantic content of the SSVC documentation)
Description
Due to
which added a list of CWEs,
the following content should be revised.
SSVC/docs/topics/information_sources.md, lines 89 to 99 in d093301:
### CWE and Exploitation

As mentioned in the discussion of [*Exploitation*](../reference/decision_points/exploitation.md), [CWE](https://cwe.mitre.org/) could be used to inform one of the conditions that satisfy [*proof of concept*](../reference/decision_points/exploitation.md).
For some classes of vulnerabilities, the proof of concept is well known because the method of exploitation is already part of open-source tools.
For example, on-path attacker scenarios for intercepting TLS certificates.
These scenarios are a cluster of related vulnerabilities.
Since CWE classifies clusters of related vulnerabilities, the community could likely curate a list of CWE-IDs for which this condition of well known exploit technique is satisfied.
Once that list were curated, it could be used to automatically populate a CVE-ID as [*proof of concept*](../reference/decision_points/exploitation.md) if the CWE-ID of which it is an instance is on the list.
Such a check could not be exhaustive, since there are other conditions that satisfy [*proof of concept*](../reference/decision_points/exploitation.md).
If paired with automatic searches for exploit code in public repositories, these checks would cover many scenarios.
If paired with active exploitation feeds discussed above, then the value of [*Exploitation*](../reference/decision_points/exploitation.md) could be determined almost entirely from available information without direct analyst involvement at each organization.
(it's no longer a possible future, we have the list now)
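The automated population the quoted passage describes, as an added example (not SSVC project code): a curated CWE list, a public exploit-code search result and an active-exploitation feed are combined into one Exploitation value, with the reasons recorded so an analyst can see why it was set. The value names none/poc/active, the record fields, and the placeholder CWE and CVE identifiers are assumptions of this example.

```python
"""Added example, not SSVC project code: derive the Exploitation decision
point value for a CVE record from three automated signals.  The curated
CWE list here is a constructed placeholder, not the project's real list."""
from dataclasses import dataclass, field

# Assumed value names for the Exploitation decision point, lowest to highest.
NONE, POC, ACTIVE = "none", "poc", "active"
ORDER = {NONE: 0, POC: 1, ACTIVE: 2}

# Constructed placeholder IDs standing in for the curated list of CWEs whose
# exploit technique is well known (e.g. part of open-source tooling).
CURATED_CWE_POC = frozenset({"CWE-0001", "CWE-0002"})


@dataclass
class VulnRecord:
    """Minimal constructed record shape: one CVE, its CWE parents, and the
    boolean results of the two other automated checks."""
    cve_id: str
    cwe_ids: frozenset = field(default_factory=frozenset)
    public_exploit_code: bool = False   # hit from a public-repository search
    in_active_feed: bool = False        # listed by an active-exploitation feed


def exploitation_value(rec, curated=CURATED_CWE_POC):
    """Return (value, reasons).  Active exploitation dominates; any PoC
    condition yields 'poc'; no signal at all yields 'none', which is not
    proof that no PoC exists, since the checks are not exhaustive."""
    candidates, reasons = [NONE], []
    if rec.in_active_feed:
        candidates.append(ACTIVE)
        reasons.append("active-exploitation feed")
    matched = sorted(rec.cwe_ids & curated)
    if matched:
        candidates.append(POC)
        reasons.append("curated CWE list: " + ", ".join(matched))
    if rec.public_exploit_code:
        candidates.append(POC)
        reasons.append("public exploit code found")
    return max(candidates, key=ORDER.__getitem__), reasons


def needs_analyst_review(rec, curated=CURATED_CWE_POC):
    """Only records with no automated signal still need a manual check."""
    return exploitation_value(rec, curated)[0] == NONE
```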