A method to assess ‘forgivable’ vs ‘unforgivable’… - NCSC.GOV.UK

The rising number of Common Vulnerabilities and Exposures (CVEs) reflects a critical challenge in secure software development. Some vulnerabilities are genuinely hard to avoid, but others, termed 'unforgivable', point to a systemic neglect of well-established secure coding practices. Building on earlier NCSC work and on Steve Christey's seminal MITRE paper on unforgivable vulnerabilities, this framework assesses a vulnerability by asking whether a top-level mitigation for its vulnerability class was known, affordable and feasible for the vendor to apply at the time; where it was, the vulnerability is classed as unforgivable. The framework urges vendors to prioritise secure programming, strengthen their development frameworks and tooling, and eradicate entire vulnerability classes rather than patching individual instances. By focusing on root causes and on what is practical to implement, the aim is a more secure software ecosystem. This summary is intended for professionals working to advance secure development practices.
