CWE - Common Weakness Enumeration

Status Report

Version 2.8 posted July 31, 2014. There were 58 new entries. There were major changes to 638 entries in support of Software Fault Patterns and the State-of-the-Art Resources (SOAR) report, primarily affecting names, relationships, detection methods, taxonomy mappings, and demonstrative examples. There was a minor schema update. Read the release notes.

More Information

cwe@mitre.org

CWE Glossary Definition

Click to open a new browser window, displaying a full-size diagram of Building CWE Consensus

Enlarge

CWE™ International in scope and free for public use, CWE provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.

CWE in the Enterprise
Software Assurance Application Security Supply Chain Risk Management System Assessment Training	Code Analysis Remediation & Mitigation NVD (National Vulnerability Database) Recommendation ITU-T X.1524 CWE, ITU-T CYBEX Series

Related Efforts
Vulnerabilities (CVE) Attack Patterns (CAPEC) Cyber Observables (CybOX) Malware (MAEC) Structured Threat Information (STIX)	Weakness Scoring System (CWSS) Weakness Risk Analysis Framework (CWRAF) Build Security In (BSI) Making Security Measurable (MSM)

Page Last Updated: July 31, 2014


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2015, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us