CWE

Scoring CWEs

The free tools below help the community to leverage the information in the CWE List in actionable ways to improve the quality of their products and/or the security of their enterprises.

Tools

Common Weakness Scoring System (CWSS™)
Mechanism for scoring the severity of CWEs discovered in an enterprise's software applications, especially when used in conjunction with CWRAF. CWSS can also be used by individual developers to prioritize unfixed weaknesses within their own software.

Common Weakness Risk Analysis Framework (CWRAF™)
A way for organizations to apply CWSS using specialized scenarios, or "vignettes," in order to prioritize those CWEs that are most relevant to their own businesses, missions, and deployed technologies.

CWE/SANS Top 25 Most Dangerous Software Errors
Annual community consensus list prioritizing the most widespread and critical software weaknesses in the CWE List. Mitigations for those top weaknesses are also included.

Feedback

Please send any comments or questions about scoring, prioritizing, and/or mitigating CWEs to cwe@mitre.org so that we may assist you in deploying these tools.

Page Last Updated: May 15, 2012