“The main goal of the CWE initiative is to stop vulnerabilities at the source by educating software acquirers, architects, designers, and programmers on how to eliminate the most common mistakes before software is delivered.”
-CWE FAQ
- The CWE (Common Weakness Enumeration) is a catalog of weakness types: recurring mistakes in software (and, since version 4.0, hardware) design and implementation that can lead to exploitable vulnerabilities. Each entry has an identifier of the form CWE-NNN, for example CWE-89 for SQL injection.
- CWE complements CVE (Common Vulnerabilities and Exposures). A CVE record identifies one specific vulnerability in one specific product; the CWE entry it is mapped to names the underlying class of mistake, so many unrelated CVEs can share a single CWE.
- CWE has been built by many contributors from the software security community. It is managed by MITRE and sponsored by the U.S. Department of Homeland Security (DHS) through the US Computer Emergency Readiness Team (US-CERT), whose functions now sit within the Cybersecurity and Infrastructure Security Agency (CISA).
- The full list of over 800 weakness types is comprehensive, but can be overwhelming. For this reason there is a "CWE Top 25" list of the most dangerous software weaknesses, ranked by how often each weakness appears in publicly reported CVEs and how severe those vulnerabilities tend to be. It is a simple way to get started by focusing on the mistakes that matter the most and are most likely to happen.
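To make the distinction between a weakness class and a vulnerability instance concrete, here is an added example (not code from the page or from the CWE project) showing one Top 25 entry, CWE-89 (SQL injection), as it appears in code. The sample database, the table layout and the function names are constructed for illustration; the point is that the first lookup is an instance of CWE-89 regardless of which product it ships in, while the parameterised version is not.

```python
import sqlite3

# Constructed sample data for the example; not from the page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    # CWE-89: untrusted input is spliced directly into the SQL command text,
    # so a quote in the input changes the structure of the query.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_fixed(conn, username):
    # Parameterised query: the driver passes the value separately from the
    # command, so the input can only ever be compared as data.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Classic tautology payload (constructed): the comparison becomes always-true.
INJECTION = "x' OR '1'='1"


def demo():
    """Run both lookups with a normal value and with the injection payload."""
    conn = make_db()
    return {
        "vulnerable_normal": lookup_user_vulnerable(conn, "bob"),
        "vulnerable_injected": lookup_user_vulnerable(conn, INJECTION),
        "fixed_normal": lookup_user_fixed(conn, "bob"),
        "fixed_injected": lookup_user_fixed(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the payload, the vulnerable lookup returns every row in the table (the weakness lets the attacker rewrite the WHERE clause), while the parameterised lookup returns nothing because no user is literally named `x' OR '1'='1`. A CVE would be filed against a specific application that ships the first pattern; CWE-89 is the label for the pattern itself.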