The free tools below help the community to leverage the information in the CWE List in actionable ways to improve the quality of their products and/or the security of their enterprises.
Common Weakness Scoring System (CWSS™)
Mechanism for scoring the severity of CWEs discovered in an enterprise's software applications, especially when used in conjunction with CWRAF. CWSS can also be used by individual developers to prioritize unfixed weaknesses within their own software.
Common Weakness Risk Analysis Framework (CWRAF™)
A way for organizations to apply CWSS using specialized scenarios, or "vignettes," in order to prioritize those CWEs that are most relevant to their own businesses, missions, and deployed technologies.
CWE/SANS Top 25 Most Dangerous Software Errors
Annual community consensus list prioritizing the most widespread and critical software weaknesses in the CWE List. Mitigations for those top weaknesses are also included.
Please send any comments or questions about scoring, prioritizing, and/or mitigating CWEs to email@example.com so that we may assist you in deploying these tools.