Common Weakness Enumeration


CWE is an attempt to enumerate all (!) software vulnerabilities, based on a series of earlier taxonomies:

"Targeted to developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weaknesses created to:

* Serve as a common language for describing software security weaknesses in architecture, design, or code.
* Serve as a standard measuring stick for software security tools targeting these weaknesses.
* Provide a common baseline standard for weakness identification, mitigation, and prevention efforts."

Home page: http://cwe.mitre.org/

About CWE: http://cwe.mitre.org/about/

Taxonomies: http://cwe.mitre.org/about/sources.html

Classification tree: http://cwe.mitre.org/data/