CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types


News & Events - 2024

Send feedback about this page to cwe@mitre.org.

CWE Podcast: “Red Hat’s CWE Journey”

January 18, 2024

“Out-Of-Bounds Read” is the CWE Program’s free podcast about common weaknesses in software and hardware, the vulnerabilities they cause, how to reduce them, and how using CWE can help make products more secure by design.

In our latest episode, CWE Program Lead Alec Summers talks with Red Hat’s Przemyslaw Roguski, CWE Technical Lead Steve Christey, and CWE Top 25 Lead Connor Mullaly, about Common Weakness Enumeration (CWE™) and the problem it solves; how Red Hat’s experience and relationship with CWE began and developed over time; how Red Hat uses CWE today, especially “CWE-699: Software Development”; how CWE’s different “views” can be used to educate and enable new and/or existing CWE users; CWE mappings and why mapping to CWEs/root cause weaknesses is important in vulnerability disclosure; the CWE Top 25 list; CWE in the software development lifecycle; how ongoing development of CWE benefits users; and more.


Additional details about Red Hat’s ongoing use of CWE are included in these two articles on the Red Hat blog, “Red Hat’s CWE journey” and “Weakness risk-patterns: A Red Hat way to identify poor software practices in the secure development lifecycle.”

The podcast is available for free on the CWE Program Channel on YouTube. Please give our latest episode a listen and let us know what you think by commenting on YouTube, X-Twitter, LinkedIn, Mastodon, or by email. We look forward to hearing from you!

“2023 CWE Top 10 KEV Weaknesses” List Now Available!

December 14, 2023

The “2023 CWE Top 10 KEV Weaknesses” list, which lists the top ten CWEs in the Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities (KEV) Catalog,” is now available on the CWE website.

The KEV is a database of security flaws in software applications and weaknesses that have been exposed and leveraged by attackers. Each vulnerability listed in KEV is identified by, and links to, a CVE Record. CISA recommends that organizations monitor the KEV catalog and use its content to help prioritize remediation activities in their systems to reduce the likelihood of compromise.

Our analysis/key insights about the 2023 Top 10 KEV Weaknesses list are available here, and our methodology for creating the list is here.

Cookie Notice and Ability for Visitors to Manage Cookies Added to CWE Website

December 14, 2023

The CWE Program has added a Cookie Notice that explains how cookies are used on the cwe.mitre.org website as well as the ability for website visitors to Manage Cookies in the footer.

Both links are available in the CWE website footer.

CWE Program Privacy Policy Updated

December 14, 2023

We have updated the CWE Program Privacy Policy. The updated policy is available here.

The link is available in the CWE website footer.

Page Last Updated: January 19, 2024