Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


CWE/SANS Top 25 Documents & Podcasts

Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities

May/June, 2009, IEEE Security and Privacy, vol. 7

OWASP Interview with MITRE

February 23, 2009 — OWASP Podcast Series #11

Federal Security Spotlight

February 5, 2009 — Federal Security Spotlight this week looks behind the scenes in the creation of a new tool for security professionals. The Top 25 Most Dangerous Programming Errors are found in government and industry software, and if programmers can be trained not to write them in, cyber security could improve. The list was the joint work of Mitre Corporation and the SANS Institute, and we talk to Bob Martin, a software expert at Mitre; and Alan Paller, the research and education head of SANS Institute. (Links mentioned during the show: SANS TOP 25 Most Dangerous Programming Errors, Application Security Procurement Language)

SDL and the CWE/SANS Top 25

January 27, 2009 — MSDN Blogs: The Security Development Lifecycle

Application Security Procurement Language

New York State has produced draft procurement standards to allow companies to buy software with security baked in.

If you wish to join the working group to help improve the procurement guidelines, you can go to the New York State Cyber Security and Critical Infrastructure Coordination web site.

Draft New York State procurement language will be posted at

Static Analysis Tool Exposition (SATE) 2008

Editors: Vadim Okun, Romain Gaucher, Paul E. Black

Page Last Updated: June 27, 2011