From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Unlock the full course today

Join today to access over 24,400 courses taught by industry experts.

Common Weakness Enumeration (CWE)

Common Weakness Enumeration (CWE)

From the course: ISC2 Certified Secure Software Lifecycle Professional (CSSLP) (2023) Cert Prep

Start my 1-month free trial Buy for my team

Common Weakness Enumeration (CWE)

- [Instructor] While the OWASP Top 10 list has gained a significant following, it's not the only resource at your disposal. Another source for helping you find application security vulnerabilities is the Common Weakness Enumeration, or CWE, list from MITRE. In the early 2000s, the MITRE Corporation, a nonprofit focused on security research for US federal agencies, joined forces with US-CERT and the US Department of Homeland Security to build a system to categorize hardware and software vulnerabilities. The system is known as CWE, or Common Weakness Enumeration. In 2010, MITRE teamed up with SANS to identify the top 25 most dangerous software errors, using MITRE's CWE as the foundation for that activity. By combining their research, they were able to create a more detailed, more robust list than the OWASP Top 10, providing security testers with even deeper insights into application security risks they should consider. The list remained static from 2011 until 2019, when it received its…

Contents