Biases entries #416

Merged
merged 8 commits into from
Jul 4, 2024

TimmyBugcrowd
Contributor

@TimmyBugcrowd TimmyBugcrowd commented Jun 24, 2024

Added

Data Biases - Representation Bias - Varies
Data Biases - Pre-existing Bias - Varies
Algorithmic Biases - Processing Bias - Varies
Algorithmic Biases - Aggregation Bias - Varies
Societal Biases - Confirmation Bias - Varies
Societal Biases - Systemic Bias - Varies
Misinterpretation Biases - Context Ignorance - Varies
Developer Biases - Implicit Bias - Varies

@AN2424

AN2424 commented Jun 26, 2024

RRudder added a commit to bugcrowd/templates that referenced this pull request Jun 28, 2024
* Fixing cvss_v3 file
* Adding secure-code-warrior-links.json
@abhinav-nain
Collaborator

We need to look into why this failed: https://github.com/bugcrowd/vulnerability-rating-taxonomy/actions/runs/9651409212/job/26619199396?pr=416

There was a mix-up in cvss_c3.json: the biases entries were added under server-security-misconfiguration. I have added the fix and fixed some indentation issues.

@abhinav-nain
Collaborator

We are also missing entries for CWE for the added biases; can we please check that? I have resolved all other issues.

@AN2424

AN2424 commented Jul 1, 2024

@abhinav-nain here are the comments from Von and @TimmyBugcrowd about the CWEs:
Von:
So these are entirely new categories. No CWEs currently exist for such things yet. Is there a possibility we can put N/A / null for the CWE?

Timmy:
Based on my research, Biases don't directly correspond to specific CWEs because CWEs are generally centered around software vulnerabilities rather than biases inherent in data or algorithms. However, the broader categories of weaknesses related to software that can be influenced by such biases include data handling, security features, and design choices.
I can come up with some Hypothetical CWE entries that could conceptually relate to those biases. Otherwise, we need a way around to pass those checks.

From this information, @abhinav-nain can we put NA or Null for the CWEs?

@abhinav-nain
Collaborator

> @abhinav-nain here are the comments from Von and @TimmyBugcrowd about the CWEs:
> Von: So these are entirely new categories. No CWEs currently exist for such things yet. Is there a possibility we can put N/A / null for the CWE?
>
> Timmy: Based on my research, Biases don't directly correspond to specific CWEs because CWEs are generally centered around software vulnerabilities rather than biases inherent in data or algorithms. However, the broader categories of weaknesses related to software that can be influenced by such biases include data handling, security features, and design choices. I can come up with some Hypothetical CWE entries that could conceptually relate to those biases. Otherwise, we need a way around to pass those checks.
>
> From this information, @abhinav-nain can we put NA or Null for the CWEs?

Yes, we can modify the test to ignore these, so that we can at least move forward from this PR. For now I don't see any technical implication of it either, so it should be all good.

@abhinav-nain
Collaborator

@AN2424 @TimmyBugcrowd Pipeline issue is fixed.

Collaborator

@abhinav-nain abhinav-nain left a comment


Looks good, testing done in Local

@nnons nnons merged commit 206c4b0 into master Jul 4, 2024
1 check passed
@nnons nnons deleted the Biases branch July 4, 2024 15:35