Added a citation |
m updated version |
Line 1:
The '''Common Weakness Enumeration''' (CWE) is a category system for hardware and software weaknesses and vulnerabilities. It is sustained by a community project with the goals of understanding flaws in software and hardware and creating automated tools that can be used to identify, fix, and prevent those flaws.<ref>{{cite web |url=http://cwe.mitre.org/about/index.html |title=CWE - About CWE|publisher=at mitre.org}}</ref> The project is sponsored by the [[National Cybersecurity FFRDC]], which is operated by [[Mitre Corporation|The MITRE Corporation]], with support from [[US-CERT]] and the [[National Cyber Security Division]] of the U.S. Department of Homeland Security.<ref>[https://nvd.nist.gov/vuln/categories National Vulnerabilities Database CWE Slice] at nist.gov</ref><ref>{{Cite journal |last=Goseva-Popstojanova |first=Katerina |last2=Perhinschi |first2=Andrei |date=2015 |title=On the capability of static code analysis to detect security vulnerabilities |url=https://linkinghub.elsevier.com/retrieve/pii/S0950584915001366 |journal=Information and Software Technology |language=en |volume=68 |pages=18–33 |doi=10.1016/j.infsof.2015.08.002}}</ref>
Version 4.10 of the CWE standard was released in July 2021.<ref>
{{cite web|url=https://cwe.mitre.org/news/index.html#january312023_CWE_Version_4.10_Now_Available|title=CWE Version 4.10 Now Available|publisher=The MITRE Corporation|access-date=9 March 2022}}
</ref>
CWE has over 600 categories, including classes for buffer overflows, path/directory tree traversal errors, race conditions, [[cross-site scripting]], hard-coded passwords, and insecure random numbers.<ref name=samate>[https://samate.nist.gov/BF/Enlightenment/CWE.html The Bugs Framework (BF) / Common Weakness Enumeration (CWE)] at nist.gov</ref>
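Review bot: In the version sentence, the release date "July 2021" does not match the citation attached to it: the cited URL anchor reads january312023_CWE_Version_4.10_Now_Available, and the access-date of 9 March 2022 is earlier than the date in that anchor. Suggest correcting the release date in the sentence to agree with the cited announcement and updating access-date to the day the 4.10 news item was actually consulted, so the version, date and source are consistent.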