research-article

Common weakness enumeration (CWE) status update

Published: 01 April 2008

Abstract

This paper is a status update on the Common Weakness Enumeration (CWE) initiative [1], one of the efforts focused on improving the utility and effectiveness of code-based security assessment technology. As hoped, the CWE initiative has helped to dramatically accelerate the use of tool-based assurance arguments in reviewing software systems for security issues and invigorated the investigation of code implementation, design, and architecture issues with automation.

References

  1. "The Common Weakness Enumeration (CWE) Initiative", MITRE Corporation, (http://cwe.mitre.org/).
  2. Martin, R., Barnum, S., "A Status Update: The Common Weaknesses Enumeration". Proceedings of the Static Analysis Summit, NIST Special Publication 500-262, July 2006.
  3. "The Software Assurance Metrics and Tool Evaluation (SAMATE) project", National Institute of Science and Technology (NIST), (http://samate.nist.gov).
  4. "The OMG Software Assurance (SwA) Special Interest Group", (http://swa.omg.org).
  5. "ISO/IEC JTC 1/SC22/ Other Working Group: Vulnerabilities", ISO/IEC JTC 1/SC 22 Secretariat, (http://www.aitcnet.org/isai/).
  6. "SANS Software Security Institute", SANS Institute, (http://www.sans-ssi.org/).
  7. "The Common Weakness Enumeration (CWE) Community", MITRE Corporation, (http://cwe.mitre.org/community/).
  8. "The Preliminary List Of Vulnerability Examples for Researchers (PLOVER)", MITRE Corporation, (http://cve.mitre.org/docs/plover/).
  9. "Introduction to Vulnerability Theory" and "Structured CWE Descriptions Documents", MITRE Corporation, (http://cwe.mitre.org/about/documents.html).
  10. "The Common Attack Pattern Enumeration and Classification (CAPEC) Initiative", Cigital, Inc. and MITRE Corporation, (http://capec.mitre.org/).
  11. "The Common Weakness Enumeration (CWE) Compatibility Declarations", MITRE Corporation, (http://cwe.mitre.org/compatible/organizations.html).
  12. Martin, R. A., Christey, S., "Being Explicit About Software Weaknesses". "Black Hat DC Training 2007", February, 2007 Arlington, VA.
  13. Martin, R. A., "Being Explicit About Security Weaknesses". "Cross Talk: The Journal of Defense Software Engineering", (http://www.stsc.hill.af.mil/CrossTalk/2007/03/), March 2007.
  14. Martin, R. A., Christey, S., Jarzombek, J., "The Case for Common Flaw Enumeration". "NIST Workshop on Software Security Assurance Tools, Techniques, and Metrics", November, 2005 Long Beach, CA.
  15. "OWASP Top Ten Project 2007", Open Web Application Security Project, (http://www.owasp.org/index.php/Top_10_2007).
  16. "National Vulnerability Database (NVD)", National Institute of Science and Technology (NIST), (http://nvd.nist.gov/nvd.cfm).

Published in

ACM SIGAda Ada Letters, Volume XXVIII, Issue 1
April 2008
74 pages
ISSN: 1094-3641
DOI: 10.1145/1387830

Copyright © 2008 Authors

Publisher: Association for Computing Machinery, New York, NY, United States
