Vol. 1 · Ed. 2026
CyberGlossary
Entry № 291

CWE (Common Weakness Enumeration)

Reviewed by Cybersecurity entrepreneur & security researcher

What is CWE (Common Weakness Enumeration)?

CWE (Common Weakness Enumeration)
A community-developed taxonomy of software and hardware weakness types — the underlying flaw classes that lead to vulnerabilities.


CWE is a hierarchical catalogue maintained by MITRE that classifies the root-cause weakness types behind vulnerabilities, such as CWE-79 (Cross-Site Scripting) or CWE-787 (Out-of-Bounds Write). Where a CVE identifies one specific vulnerability in one specific product, a CWE names the class of mistake that produced it; a single CWE therefore covers many CVEs, and CVE records are commonly tagged with the CWE they exhibit. CWEs feed the annual CWE Top 25 Most Dangerous Software Weaknesses list, are used by SAST tools to label findings, and underpin secure-coding training. They give engineers a common vocabulary for discussing design and coding pitfalls and for mapping controls in a secure-development lifecycle.

Examples

  1. CWE-89 — SQL Injection.

  2. CWE-416 — Use After Free.
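The following is an added example, not part of the original glossary entry. It shows the first example above, CWE-89, as working code: a query that concatenates user input (the weakness class) beside its parameterised fix, run against a constructed in-memory SQLite table so the injection can be observed. It also shows the second use described in the definition, labelling scanner findings with a CWE ID and grouping them by weakness class. The table contents, the findings list and the rule names are constructed for illustration; no real scanner output is reproduced.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("carol", "carol@example.test"),
        ],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """CWE-89: the caller's string is spliced into the SQL text, so it can change
    the query's structure instead of being treated as a value."""
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(query)]


def lookup_fixed(conn, name):
    """Parameterised query: the value travels separately from the SQL text and can
    never be interpreted as SQL syntax, whatever characters it contains."""
    rows = conn.execute("SELECT name FROM users WHERE name = ? ORDER BY id", (name,))
    return [row[0] for row in rows]


# Constructed findings, shaped like what a SAST tool emits: each carries the CWE it maps to.
# The rule names and file names are hypothetical.
FINDINGS = [
    {"rule": "python.sql.string-concat", "file": "users.py", "line": 12, "cwe": "CWE-89"},
    {"rule": "python.sql.fstring-query", "file": "report.py", "line": 40, "cwe": "CWE-89"},
    {"rule": "html.unescaped-output", "file": "views.py", "line": 7, "cwe": "CWE-79"},
]


def findings_by_cwe(findings):
    """Group individual findings by weakness class. Two different rules firing in two
    different files both land under CWE-89, which is the point of the taxonomy:
    one class of mistake, one control (parameterised queries) that fixes all of them."""
    grouped = {}
    for finding in findings:
        grouped.setdefault(finding["cwe"], []).append(finding)
    return grouped


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))  # every row leaks
    print("fixed:     ", lookup_fixed(db, payload))       # no row matches the literal string
    for cwe, items in findings_by_cwe(FINDINGS).items():
        print(cwe, len(items), "finding(s)")
```

Run it as a script to see the injected `x' OR '1'='1` return every user from the vulnerable function and nothing from the fixed one; the grouping at the end is the kind of per-CWE summary a scanner dashboard or a secure-development metric would report.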

Frequently asked questions

What is CWE (Common Weakness Enumeration)?

A community-developed taxonomy of software and hardware weakness types — the underlying flaw classes that lead to vulnerabilities. It belongs to the Vulnerabilities category of cybersecurity.

What does CWE (Common Weakness Enumeration) mean?

A community-developed taxonomy of software and hardware weakness types — the underlying flaw classes that lead to vulnerabilities.

How do you defend against CWE (Common Weakness Enumeration)?

CWE is a classification scheme rather than a threat, so it is not itself something to defend against. It is used to organise defences: map each weakness class that applies to your code base (for example CWE-89 for database queries or CWE-79 for HTML output) to a technical control such as parameterised queries or output encoding, label scanner findings by CWE so recurring classes stand out, use the CWE Top 25 to prioritise remediation and training, and check release gates against the weakness classes the team has agreed to eliminate.

What are other names for CWE (Common Weakness Enumeration)?

Common alternative names include: Weakness type, CWE identifier.
