UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ITU-T X.1524

Common weakness enumeration

active, Most Current
Buy Now
Organization: ITU-T
Publication Date: 1 March 2012
Status: active
Page Count: 22
scope:

This Recommendation on the use of the common weakness enumeration (CWE) provides a "structured means" for the global exchange of information about software security weaknesses in architecture, design, code, or deployment that can make software systems insecure, unreliable and vulnerable to attack. Security tools, assessment services, and some types of security reviews can detect these types of software weaknesses. This "structured means" is often referred to as "CWE Compatibility" and defines the correct use of CWE. An information security weakness is a mistake in the software that could result in a vulnerability that can be used by a hacker to gain access to a system or network. The assignment of CWE identifiers is not within the scope of this Recommendation. A list of repositories for CWE identifiers and the associated context information is available in Appendix I.

The intention of CWE, the use of which is defined in this Recommendation, is to be comprehensive with respect to the software architecture, design, coding, and deployment errors that are the root causes of vulnerabilities and exposures. While CWE is designed to contain mature information, the primary focus is on identifying, educating, and describing these root causes of vulnerabilities and exposures so they can be avoided by developers, tested for, and managed by development teams as well as consistently reported by security tools and services.

This Recommendation is technically equivalent to and compatible with the "Requirements and Recommendation for CWE Compatibility and Effectiveness", version 1.0, dated July 28, 2011 https://cwe.mitre.org/compatible/requirements.html.

Document History

ITU-T X.1524
March 1, 2012
Common weakness enumeration
This Recommendation on the use of the common weakness enumeration (CWE) provides a "structured means" for the global exchange of information about software security weaknesses in architecture,...

References

Advertisement