CWE - Common Weakness Enumeration

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Contact Us
Search the Site

News

•	CWE Version 2.2 Now Available
•	1 Product from NIST Now Registered as Officially "CWE-Compatible"
•	WebLayer Makes Declaration of CWE Compatibility
•	Registration Now Open for MITRE’s Security Automation Developer Days 2012 on July 9-13
•	CWRAF/CAPEC briefings at Systems & Software Technology Conference 2012
•	1 Product from SECURITY-DATABASE Now Registered as Officially "CWE-Compatible"

...more

Upcoming Events

•	CAPEC/Software Assurance briefing at (ISC)² SecureSDLC 2012, May 17
•	CWE/CAPEC/CybOX/MAEC/Software Assurance briefings at DHS/DoD SwA Working Group Meeting, June 25-29

...more

Status Report

Version 2.2 May 14, 2012. 23 new entries were created for new CWE cross-section and Software Fault Patterns views. There were major changes to 683 entries, primarily affecting attack patterns, references, demonstrative examples, observed examples, and common consequences. There were no schema updates.

More Information

cwe@mitre.org

International in scope and free for public use, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.

Related Efforts
Attack Patterns (CAPEC) Vulnerabilities (CVE) Configurations (CCE) Platforms (CPE) Malware (MAEC) Cyber Observables (CybOX)	Assessment Language (OVAL) Checklist Language (XCCDF) Log Format (CEE) Security Content Automation (SCAP) Build Security In Making Security Measurable

Page Last Updated: May 14, 2012


	CWE is co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us