How to choose the CWE code folder name?

Hellow there, im working on VbD features, but i’ve noticed that same vulnerability can be in multiple folders with different codes, for example: I’ve seen CSRF features with different folder name codes (CWE-0079, CWE-0352, CWE-0319, CWE-200) despite is the same vulnerability.

So i decided to look into the VbD Structure guide rules and VbD Submission guide but it is not specified.

My question is: Once I found a vulnerability, if it fits in multiple CWE codes, How to choose the folder name one?

1 Like