Security Engineering (SE) Workbench

What's New

22 November 2024 - SVE update

1. upgrade SVE to CWE version 4.16.
2. upgrade CWE-table to CWE version 4.16.

10 Sept 2024 - SVE update

1. added popup window for Supplemental Diagram Image for CWEs.

24 July 2024 - SVE version update

1. upgrade CWE version to 4.15.
2. upgrade SVE tool from 1.9 to 1.10.
3. SVE 1.10 added drop down menu for Named technology.
4. upgrade from CWE Table from 1.9 to 1.10.

15 April 2024 - SVE 1.9 minor update

1. added drop down menu for CVE Mapping Guidance.

12 April 2024 - Included CVE mapping data from CWE data (4.14)

1. SVE 1.9 modified to render Mapping_Notes and Mapping Rationale.

04 March 2024 - New version of CWE data (4.14)

1. New SVE version 1.9, to include: updates to TOP 25 lists, added CISA KEV Top 10 list
2. New cwe-table version 4.14

31 October 2023 - Updated SVE display columns and format

1. Added new column for Attack Narratives

30 October 2023 - Updated SVE display format

1. Minor updates to Target Technology and Explout impact columns to balance data

27 October 2023 - Updated CWE data source

1. Upgraded cwe-table to CWE 4.13
2. Upgraded SVE1.8 to CWE 4.13 data
3. Added Observed Examples to the Impact column in SVE 1.8
4. Changed default display columns to show Impacts and hide Mitigations

30 August 2023 - Update SDE V1.1

1. Upgraded CC2022 data
2. Upgraded SDE logic and visualization

19 August 2023 - Update CC Data Table

1. Update Common Criteria Version from V1R5 to 2022 R1

8 August 2023 - Update to Landing Page

1. Updated intro wording

15 July 2023 - CWE XML Update

1. Trimmed CWE XML data file to remove unused Content History elements in order to remedy Google Chrome and MS Edge issues.

14 July 2023 - Project Update

1. Added Analytics

8 May 2023 - SVE Update

1. Added Effectiveness value to Mitigation Guidance

5 May 2023 - SVE Update

1. Added Effectiveness value to Detection Method column

3 May 2023 - CWE Table and SVE Update

1. Upgraded CWE DataTable and SVE to CWE 4.11.
2. Replaced labels and logic for "Assurance Strategy" with "Detection Methods" from CWE entries

11 April 2023 - CWE Table Update

1. Upgraded CWE DataTable to CWE 4.10 to add hyperlinks to Related CAPEC column.

20 March 2023 - SVE update

1. Upgraded SVE to CWE 4.10.
2. Upgraded CWE DataTable to CWE 4.10.

28 February 2023 - SAE update

1. Added Abstraction Level value to CAPEC Name filter menu entries. These are exported with the Analysis Spreadsheet.

22 February 2023 - SAE update

1. Revised Affinity Group to identify MITRETOP as merged list of MITRE SW, MITRE SW CUSP, MITRE HW and MITRE HW CUSP lists.

3 February 2023 - SAE update

1. Added "MITRE-ICS" to Affinity Groups. ICS is a grouping of Weaknesses associated with Industrial Control Systems.

1 February 2023 - SAE update

1. Added "Skills Required" information to Attack Flow column entries

31 January 2023 - SAE update

1. Added "Attack Resources" information to Attack Flow column entries

27 January 2023 - SAE update

1. Deployed SAE 1.4 with new CAPEC 3.9
2. Deployed CAPEC 3.9 data table

22 January 2023 - SAE update

1. Changed "Default Risk Index" to "Default Threat Index". The rationale is that a threat is quantified as a function of severity and likelihood. On the other hand, a risk is quantified as a function of the importance of a threat and and the consequence / impact of the occurence of the threat.

10 January 2023 - SAE update

1. Added live links to Affinity Group entries.
2. Added live links to OWASP Categories A01 -> A10.

09 January 2023 - SAE correction

1. Changed entries and label for OWASP in "Affinity Groups".

03 January 2023 - SAE correction

1. Changed logic and formatting for "Affinity Groups".
2. Revised Export function for Attack Analysis CSV.

31 December 2022 - SAE Added Function

1. Added "Affinity Groups" column for OWASP and MITRE CWE Lists.
2. Revised Export function for Attack Analysis CSV.

24 December 2022 - SAE Added Function

1. Added logic for Risk Index, where Risk is a function of Severity and Likelihood.
2. Added Risk Index filter menu.
3. Added Risk Index Column.
4. Revised Export function for Attack Analysis CSV.

08 December 2022 - Corrections

1. Changed CWE and CAPEC Basic datatables to correct selection by ID.

20 October 2022 - Upgrade SVE

1. Added Hardware Design and and Software Development Views and filters.

15 October 2022 - Upgrade to CWE 4.9

1. Upgraded CWE Data Table.
2. Updated SVE to reflect V4.9.

7 October 2022 - Minor corrections

1. Changed the visibility of "Typical Severity" and "Likelihood of Attack" columns on CWE and CAPEC Basic Data Table tools.
2. Updated SAE to reflect V3.8 version number on Exported file names.

3 October 2022 - Updates for CAPEC V3.8

1. Upgraded CAPEC Data Table
2. Updated instruction table in SAE tool
3. Added Attack Step filter in SAE tool
4. Update SAE Exercise page
5. Upgraded SE-workbench home page

29 September 2022 - SCE Update

1. Revised link to NIST SP800-53R3 detail webpages to point to NIST Cybersecurity and Privacy Reference Tool

25 September 2022 - Added tool and links

1. Added tool to view Common Criteria Security Functional Requirements
2. Updated landing page to add reference to Security Design Tool which is under construction

16 September 2022 - Added Bibliography and References page and links

1. Added Bobliography and Reference page to Foundational Documents, Standards and Key Reference documents

26 August 2022 - Added tools and links

1. Added tool to view basic NIST SP800-53 R5 Data table
2. Added tool to view basic MITRE CWE Data table
3. Added tool to view basic MITRE CAPEC Data table

5 July 2022 - Upgraded SVE from CWE 4.7 to 4.8

1. Upgraded CWE Data
2. Ungraded SVE Explorer logic

18 February 2022 - Initial Release

1. Project Pages
2. Security Controls Explorer
3. Security Vulnerability Explorer
4. Security Attack Explorer

top of the page