From 5c7fcc0ceefd4401f5e437b3e9b20a8de612d1de Mon Sep 17 00:00:00 2001
From: Uditbhardwajj
Date: Sat, 21 Mar 2026 14:46:57 +0530
Subject: [PATCH] Correct average incidence rate for supply chain failures

Fix inconsistency in average incidence rate in A03:2025 section

Updated the average incidence rate from 5.19% to 5.72% to match the score table.
---
 2025/docs/en/A03_2025-Software_Supply_Chain_Failures.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/2025/docs/en/A03_2025-Software_Supply_Chain_Failures.md b/2025/docs/en/A03_2025-Software_Supply_Chain_Failures.md
index 25e70baac..a3f527a5f 100644
--- a/2025/docs/en/A03_2025-Software_Supply_Chain_Failures.md
+++ b/2025/docs/en/A03_2025-Software_Supply_Chain_Failures.md
@@ -3,7 +3,7 @@ ## Background. -This was top-ranked in the Top 10 community survey with exactly 50% respondents ranking it #1. Since initially appearing in the 2013 Top 10 as "A9 – Using Components with Known Vulnerabilities", the risk has grown in scope to include all supply chain failures, not just ones involving known vulnerabilities. Despite this increased scope, supply chain failures continue to be a challenge to identify with only 11 Common Vulnerability and Exposures (CVEs) having the related CWEs. However, when tested and reported in the contributed data, this category has the highest average incidence rate at 5.19%. The relevant CWEs are *CWE-477: Use of Obsolete Function, CWE-1104: Use of Unmaintained Third Party Components*, CWE-1329: *Reliance on Component That is Not Updateable*, and *CWE-1395: Dependency on Vulnerable Third-Party Component*. +This was top-ranked in the Top 10 community survey with exactly 50% respondents ranking it #1. Since initially appearing in the 2013 Top 10 as "A9 – Using Components with Known Vulnerabilities", the risk has grown in scope to include all supply chain failures, not just ones involving known vulnerabilities. Despite this increased scope, supply chain failures continue to be a challenge to identify with only 11 Common Vulnerability and Exposures (CVEs) having the related CWEs. However, when tested and reported in the contributed data, this category has the highest average incidence rate at 5.72%. The relevant CWEs are *CWE-477: Use of Obsolete Function, CWE-1104: Use of Unmaintained Third Party Components*, CWE-1329: *Reliance on Component That is Not Updateable*, and *CWE-1395: Dependency on Vulnerable Third-Party Component*. ## Score table.
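Review bot: the score table that the new 5.72% is meant to match sits outside this hunk, so the figure cannot be verified from the diff alone; please quote the table's incidence rate in the commit message or include the table row as context, and check whether the old 5.19% also appears in the sibling locale directories under 2025/docs/ so the translations do not drift from the English text. While this line is being rewritten anyway, the italics in the CWE list are unbalanced: `*CWE-477: Use of Obsolete Function, CWE-1104: Use of Unmaintained Third Party Components*` wraps two entries in one span, whereas `CWE-1329: *Reliance on Component That is Not Updateable*` italicises only the name; one consistent form, e.g. `*CWE-477: Use of Obsolete Function*, *CWE-1104: Use of Unmaintained Third Party Components*`, would be worth fixing in the same change.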