Common Weakness Enumeration

Latest Version

At its core, the Common Weakness Enumeration (CWE™) is a list of software and hardware weaknesses types. Creating the list is a community initiative aimed at creating specific and succinct definitions for each common weakness type. By leveraging the widest possible group of interests and talents, the hope is to ensure that item in the list is adequately described and differentiated. This is a living effort with ongoing work to capture the specific effects, behaviors, exploit mechanisms, and implementation details within the CWE List as well as to review and revise the presentation approaches to provide those that best suit the community using this information.

Navigate CWE

Use one of the hierarchical representations below to navigate the entire list according to your specific point of view. The Software Development representation groups weaknesses around concepts that are frequently used or encountered in software development, while the Hardware Design representation groups weaknesses around concepts that are frequently used or encountered in hardware design. The Research Concepts representation facilitates research into weakness types and organizes items by behaviors using multiple levels of abstraction.

External Mappings

These views are used to represent mappings to external groupings such as a Top-N list, as well as to express subsets of entries that are related by some external factor.

Helpful Views

A number of additional helpful views have been created. These are based on a specific criteria and hope to provide insight for a certain domain or use case.

Obsolete Views

The views below have been marked obsolete. They are still valid but no longer considered relevant, likely because each has been superseded by a more recent view.