The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities.

These vulnerabilities may be found in code, in the design, or in the system architecture.

Each individual CWE represents a single vulnerability type. CWE is currently maintained by the MITRE Corporation with support from the National Cyber Security Division (DHS).

A detailed CWE list is currently available at the MITRE website. This list provides a detailed definition for each individual CWE.

All individual weaknesses are held within a hierarchical structure.

CWEs at deeper levels in the structure (e.g. Cross Site Scripting) provide a finer granularity and usually have fewer or no child CWEs.
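The hierarchy lets the same findings be reported at a coarser or finer granularity by walking each CWE up to an ancestor. The following is an added example, not part of the original post or of MITRE's tooling; the six-entry subset, its parent links (assumed to follow MITRE's Research Concepts view) and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed subset of the CWE hierarchy: id -> (short name, parent id).
# Assumption: parent links follow MITRE's Research Concepts view; verify
# them against the current CWE list before relying on them.
CWE_SUBSET = {
    707: ("Improper Neutralization", None),
    74: ("Injection", 707),
    77: ("Command Injection", 74),
    78: ("OS Command Injection", 77),
    79: ("Cross-site Scripting", 74),
    80: ("Basic XSS", 79),
}


def ancestry(cwe_id, tree=CWE_SUBSET):
    """Return the path from the top-level weakness down to cwe_id."""
    path, seen = [], set()
    while cwe_id is not None:
        if cwe_id not in tree:
            raise KeyError(f"CWE-{cwe_id} is not in the loaded subset")
        if cwe_id in seen:
            raise ValueError(f"cycle in hierarchy at CWE-{cwe_id}")
        seen.add(cwe_id)
        path.append(cwe_id)
        cwe_id = tree[cwe_id][1]
    return path[::-1]


def children(cwe_id, tree=CWE_SUBSET):
    """Direct children of cwe_id, in ascending id order."""
    return sorted(c for c, (_, parent) in tree.items() if parent == cwe_id)


def roll_up(finding_ids, depth, tree=CWE_SUBSET):
    """Count findings per ancestor at `depth` (0 = top of the hierarchy)."""
    counts = Counter()
    for cwe_id in finding_ids:
        path = ancestry(cwe_id, tree)
        # A finding whose own CWE sits above `depth` is counted under itself.
        counts[path[min(depth, len(path) - 1)]] += 1
    return dict(counts)


if __name__ == "__main__":
    findings = [80, 79, 78, 79, 77]  # constructed scanner output (CWE ids)
    for depth in range(4):
        print(depth, roll_up(findings, depth))
```

At depth 0 or 1 all five constructed findings collapse into a single class; at depth 2 they split into Cross-site Scripting and Command Injection, which is the finer granularity the deeper levels provide.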

[Figure: CWE structure]

The image represents just a portion of the overall CWE structure. Please check the following links for more info.

