ES2511-3c1f9635 (Modification) - Add observed examples for AI products

[stevechristeycoley]

Submission File: ES2511-3c1f9635-AI-ML-observed-examples.txt

DESCRIPTION:

This submission will be used to focus the identification, review, and
addition of observed examples based on a report of recent CVEs in
AI/ML-related products. Contributors may make suggestions using comments in
the CDR issue itself.

The task is roughly:

• for each CWE, review the list and identify one to three observed examples
  that could be most suitable to include in the CWE entry

The best examples satisfy the following criteria:

• the vulnerability is not unnecessarily complex

• the CVE has useful technical details that explain the weakness, whether
  in the CVE description itself or in its references (many CVEs do not have
  such details)

• the relevant CWE mapping needs to be verified (in case of errors); a
  better CWE can be used if found.

• ideally, the collected set of CVEs for a particular CWE should reflect
  a variety of products, technologies, and/or errors.

[RushiP-MITRE]

ES2511-3c1f9635 has been assigned to a member of the CWE Content Team as part of the INITIAL REVIEW phase. We will provide feedback as soon as possible.

The review process will analyze the submission for scope and submission problems as documented here:

• Submission problems
• Scope exclusions

After initial review, we might need to ask you additional questions (CONSULTATION phase) to ensure that the submitted information is accurate, properly understood, and (for new entry proposals) falls within CWE's scope. Afterward, we will make a DECISION as to whether a new CWE entry is needed, or if an existing entry needs to be modified. If a new entry is needed, we will then request more detailed content from you (SUPPORTING ANALYSIS). See the following URL for more details:

https://cwe.mitre.org/community/submissions/guidelines.html