CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types


Scoring CWEs

The publicly available methodologies below help the community leverage the information in the CWE List in actionable ways to improve the quality of their products and/or the security of their enterprises.

Scoring Methodologies

  • Prioritizing Weaknesses Based Upon Your Organization's Mission
    The CWE project offers several approaches for prioritizing weaknesses so that you can focus on an appropriate subset for your organization's needs. Learn how to utilize these methods to benefit from the most improvement in the resilience, reliability, and integrity of your software as soon as possible.

  • Common Weakness Scoring System (CWSS™)
    CWSS provides a mechanism for scoring weaknesses in a consistent, flexible, open manner while accommodating context for various business domains. CWSS can also be used by individual developers to prioritize unfixed weaknesses within their own software.

  • Common Weakness Risk Analysis Framework (CWRAF™)
    CWRAF, used in conjunction with CWSS, will provide your organization with a tailored "Top XX" list of common weaknesses.

  • CWE/SANS Top 25 Most Dangerous Software Errors
    The CWE/SANS Top 25 Most Dangerous Software Errors is a periodically updated list of the most prevalent and easily exploited common software weaknesses, as assessed by over 20 industry experts.

Feedback

Please send any comments or questions about scoring, prioritizing, and/or mitigating CWEs to cwe@mitre.org so that we may assist you in deploying these tools.


Page Last Updated: June 06, 2017