
CWE is an attempt to enumerate all (!) software vulnerabilities, based on a series of earlier taxonomies:
"Targeted to developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weaknesses created to:
* Serve as a common language for describing software security weaknesses in architecture, design, or code.
* Serve as a standard measuring stick for software security tools targeting these weaknesses.
* Provide a common baseline standard for weakness identification, mitigation, and prevention efforts."
Home page: http://cwe.mitre.org/
About CWE: http://cwe.mitre.org/about/
Taxonomies: http://cwe.mitre.org/about/sources.html
Classification tree: http://cwe.mitre.org/data/