CWE - Common Weakness Enumeration

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

News

...more

Upcoming Events

CWE/CAPEC/MAEC briefing at 6th Annual GFIRST National Conference, August 15-20
CWE/Making Security Measurable briefing and booth at 6th Annual IT Security Automation Conference, September 27-29

...more

Status Report

Version 1.9 posted June 21, 2010. There are changes to 155 entries, especially potential mitigations, names, descriptions, demonstrative examples, and references. 11 new entries were created to support an OWASP Top Ten 2010 view. There is also a minor schema change.

More Information

cwe@mitre.org

International in scope and free for public use, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.

Similar Standards
Attack Patterns (CAPEC) Vulnerabilities (CVE) Configurations (CCE) Platforms (CPE) Malware (MAEC)	Assessment Language (OVAL) Checklist Language (XCCDF) Log Format (CEE) Security Content Automation (SCAP) Making Security Measurable

Page Last Updated: August 12, 2010


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2010, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us