CWE (Common Weakness Enumeration)

CWE is a hierarchical catalogue maintained by MITRE that classifies the root-cause weakness categories behind vulnerabilities, such as CWE-79 (Cross-Site Scripting) or CWE-787 (Out-of-Bounds Write). Where a CVE describes a specific defective product, the CWE explains the class of mistake that produced it. CWEs feed the annual CWE Top 25 Most Dangerous Software Weaknesses, are used by SAST tools to label findings, and underpin secure-coding training. They give engineers a common vocabulary to discuss design and coding pitfalls and to map controls in secure-development lifecycles.