Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

Scoring CWEs

The publicly available methodologies below help the community leverage the information in the CWE List in actionable ways to improve the quality of their products and/or the security of their enterprises.

Scoring Methodologies

  • Prioritizing Weaknesses Based Upon Your Organization's Mission
    The CWE project offers several approaches for prioritizing weaknesses so that you can focus on an appropriate subset for your organization's needs. Learn how to use these methods to gain the most improvement in the resilience, reliability, and integrity of your software as soon as possible.

  • Common Weakness Scoring System (CWSS™)
    CWSS provides a mechanism for scoring weaknesses in a consistent, flexible, open manner while accommodating context for various business domains. CWSS can also be used by individual developers to prioritize unfixed weaknesses within their own software.

  • Common Weakness Risk Analysis Framework (CWRAF™)
    CWRAF, used in conjunction with CWSS, will provide your organization with a tailored "Top XX" list of common weaknesses.

  • CWE Top 25 Most Dangerous Software Errors
    The CWE Top 25 Most Dangerous Software Errors is a periodically updated list of the most prevalent and easily exploited common software weaknesses, as assessed by over 20 industry experts.


Please send any comments or questions about scoring, prioritizing, and/or mitigating CWEs to so that we may assist you in deploying these tools.

Page Last Updated: September 18, 2019