The publicly available methodologies below help the community leverage the information in the CWE List in actionable ways to improve the quality of their products and/or the security of their enterprises.
Prioritizing Weaknesses Based Upon Your Organization's Mission
The CWE project offers several approaches for prioritizing weaknesses so that you can focus on an appropriate subset for your organization's needs. Learn how to use these methods to gain the most improvement in the resilience, reliability, and integrity of your software as soon as possible.
Common Weakness Scoring System (CWSS™)
CWSS provides a mechanism for scoring weaknesses in a consistent, flexible, open manner while accommodating context for various business domains. CWSS can also be used by individual developers to prioritize unfixed weaknesses within their own software.
Common Weakness Risk Analysis Framework (CWRAF™)
CWRAF, used in conjunction with CWSS, will provide your organization with a tailored "Top XX" list of common weaknesses.
CWE/SANS Top 25 Most Dangerous Software Errors
The CWE/SANS Top 25 Most Dangerous Software Errors is a periodically updated list of the most prevalent and easily exploited common software weaknesses, as assessed by over 20 industry experts.
Please send any comments or questions about scoring, prioritizing, and/or mitigating CWEs to firstname.lastname@example.org so that we may assist you in deploying these tools.