CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWRAF > Stakeholders  
ID

Current Stakeholders and their motivations for CWRAF
Current Stakeholders and their motivations for CWRAF
StakeholderDescription
Software developers

want to manage their software assurance expectations for a diverse portfolio of internally-developed and third-party software packages whose deployment and safe operation are important to the business or mission.

Software acquirers

want to obtain third-party software with a reasonable level of assurance that the software provider has performed due diligence in removing or avoiding weaknesses that are most critical to the acquirer's business and mission. Related stakeholders include CIOs, CSOs, system administrators, and end users of the software.

Code analysis vendors and consultants

want to provide a consistent, community-vetted scoring mechanism for different customers.

Software development managers

create strategies for prioritizing and removing entire classes of weaknesses from the entire code base, or at least the portion that is deemed to be most at risk, by defining custom "Top-N" lists. They must understand the security implications of integrating third-party software, which may contain its own weaknesses. They may need to support distinct security requirements for each product line and customer base.

Evaluators of code analysis capabilities

evaluate the capabilities of code analysis techniques (e.g., NIST SAMATE). They could use a consistent weakness scoring mechanism to support sampling of reported findings, as well as understanding the severity of these findings without depending on ad hoc scoring methods that may vary widely by tool/technique.

Other stakeholders

include vulnerability researchers, advocates of secure development, and compliance-based analysts (e.g., PCI DSS).


More information is available — Please select a different filter.
Page Last Updated: January 18, 2017