Definition

Common Weakness Enumeration (CWE)

Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software. The dictionary is maintained by the MITRE Corporation and can be accessed free on a worldwide basis. The purpose of CWE is to facilitate the effective use of tools that can identify, find and resolve bugs, vulnerabilities and exposures in computer software before the programs are publicly distributed or sold.

CWE has been assembled in three levels called tiers. The top tier divides known weaknesses into a few large, general classes for discussion among enterprise management people, academics, researchers and vendors. The middle tier consists of several dozen groups of definitions categorized for use by security experts, system administrators and software developers. The lower tier is the full list, intended for people at all levels including personal computer (PC) users. The entries in CWE are numbered for reference.

CWE is compiled and updated by a diverse, international group of experts from business, academic institutions and government agencies, ensuring breadth and depth of content. CWE provides standardized terminology, allows service providers to inform users of specific potential weaknesses and proposed resolutions, allows software buyers to compare similar products offered by multiple vendors and allows legal personnel to formalize contracts, terms and conditions relevant to software use.

This was last updated in March 2011

Continue Reading About Common Weakness Enumeration (CWE)

Dig Deeper on Security operations and management

Networking
CIO
Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing
ComputerWeekly.com
Close