What is the Common Weakness Enumeration (CWE) initiative?
International in scope and free for public use, the Common Weakness Enumeration (CWE) is a community-developed dictionary of software weaknesses. The CWE is a publicly available resource that is collaboratively evolving through public-private contributions. CWE provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems, as well as better understanding and management of software weaknesses related to architecture and design. CWE is used in industry and the standards community with National Institute of Standards and Technology (NIST), the Object Management Group (OMG), and the Open Web Application Security Project (OWASP) to provide the common language in addressing software security concerns. The CWE website provides information about the stakeholder community and related activities, such as the Common W