CWE - Common Weakness Enumeration

Status Report

Version 2.9 posted December 7, 2015. There was 1 new entry with a new view for the CWE List used by NVD. There were major changes to 119 entries, primarily affecting relationships. There were no schema updates. Read the release notes.

More Information

cwe@mitre.org

CWE Glossary Definition

Click to open a new browser window, displaying a full-size diagram of Building CWE Consensus

Enlarge

CWE™ International in scope and free for public use, CWE provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.

CWE in the Enterprise
Software Assurance Application Security Supply Chain Risk Management System Assessment Training	Code Analysis Remediation & Mitigation NVD (National Vulnerability Database) Recommendation ITU-T X.1524 CWE, ITU-T CYBEX Series

Related Efforts
Vulnerabilities (CVE) Attack Patterns (CAPEC) Malware (MAEC)	Weakness Scoring System (CWSS) Weakness Risk Analysis Framework (CWRAF) Build Security In (BSI)

Page Last Updated: June 07, 2016


	Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org. CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2015, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.	Privacy policy Terms of use Contact us