CWE - Common Weakness Enumeration

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS
CWRAF
T-Shirt

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Coverage Claims Representation
Declarations
Make a Declaration

Contact Us
Search the Site

News

•	NETpeas Makes CWE Compatibility Declaration
•	CXSecurity Makes CWE Compatibility Declaration
•	CWE/SANS Top 25 Is Main Focus of Article in eWeek.com
•	MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2012
•	CWE/CAPEC/MAEC/Software Assurance briefings at DHS/DoD SwA Working Group Meeting Session
•	CWE Mentioned in Article about Cloud Security in SDTimes.com

...more

Upcoming Events

•	CWE/Making Security Measurable booth at RSA Conference 2012, February 27 - March 2, 2012

...more

Status Report

Version 2.1 posted September 13, 2011. There are major changes to 133 entries; 16 new entries for the CERT C++ Secure Coding Standard, changes to 97 taxonomy mappings to support the various CERT coding standards for C, C++, and Java; and modifications to over 30 entries for potential mitigations and references, in support of an updated pocket guide for mitigating the Top 25, which will be released in the future. The schema was also updated to support reference management in future CWE versions.

More Information

cwe@mitre.org

International in scope and free for public use, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.

Related Efforts
Attack Patterns (CAPEC) Vulnerabilities (CVE) Configurations (CCE) Platforms (CPE) Malware (MAEC) Cyber Observables (CybOX)	Assessment Language (OVAL) Checklist Language (XCCDF) Log Format (CEE) Security Content Automation (SCAP) Build Security In Making Security Measurable

Page Last Updated: January 25, 2012


	CWE is a Software Assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us