Common Weakness Enumeration

The Common Weakness Enumeration (CWE) is sustained by a community project with the goals of understanding flaws in software and hardware and creating automated tools that can be used to identify, fix, and prevent those flaws.

[6] CWE has over 600 categories, including classes for buffer overflows, path/directory tree traversal errors, race conditions, cross-site scripting, hard-coded passwords, and insecure random numbers.

[7] The Common Weakness Enumeration (CWE) Compatibility program allows a service or a product to be reviewed and registered as officially "CWE-Compatible" and "CWE-Effective".

The program assists organizations in selecting the right software tools and learning about possible weaknesses and their possible impact.

To obtain CWE Compatible status, a product or a service must meet 4 out of 6 requirements.

As of September 2019, there are 56 organizations that develop and maintain products and services that achieved CWE Compatible status.
