2023 “On the Cusp” Weaknesses Insights

The 2023 CWE Top 25 Most Dangerous Software Weaknesses list is a practical and convenient resource to help mitigate software security risk. But the complete dataset analyzed had 144 total weaknesses that were recorded, analyzed, and ranked. Beyond the Top 25, those performing mitigation and risk decision-making should consider these additional “On the Cusp” weaknesses in their efforts as they too can become severe, exploitable vulnerabilities under the right conditions. Following are some observations on the weaknesses that did not make the 2023 CWE Top 25 list.

Analysis

The On the Cusp list comprises CWEs ranked in positions 26-40, per the 2023 CWE Top 25 Methodology. These CWEs continue to be prevalent and serious enough to cause concern.

Three CWEs have increased in rank to move them into this year’s On the Cusp list:
Two CWEs that were on the 2022 CWE Top 25 list dropped to the 2023 On the Cusp list:
Three CWEs that were on the 2022 On the Cusp list dropped out of this year’s On the Cusp list altogether (dropping to a position below rank 40):