Create a CWE based list of vulnerabilities for the report
-
Analysis of CWES -
Identification and matching of CAPEC -
Ordering of CWE per architecture to our classification and vulnerability study -
summary with links to CWEs -
listing of strategies and measures for the identified vulnerabilities -
quick comparison of the outcomes of manual and CWE analysis
Integrative analysis is always better. What about Classes - CWE - pattern identification? what are possible patterns for the proposed mitigation strategies? Match CWE - Pattern?