Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

They Know Your Weaknesses – Do You?: Reintroducing Common Weakness Enumeration

Published

Author(s)

Yan Wu, Yaacov Yesha, Irena Bojanova, Paul E. Black

Abstract

Knowing what makes your software systems vulnerable to attacks will be exceptionally critical in the emerging future of interdependent clouds, cyber-physical systems, mobile apps, and big data sets. The Common Weakness Enumeration (CWE) is a respectable community effort that sets up the foundations for such knowledge. In this paper, we present the concept, history, and content of CWE. We discuss the relevant body of knowledge that consolidates CWE, the related Semantic Template and Software Fault Pattern efforts, and how static analysis tools add value through CWEs. We also provide future directions, introduce our vision on CWE formalization, and provoke further discussions on CWE value for not only Software Assurance community, but for Computer Science as a whole.
Citation
Computer: Special Issue on Software Testing

Keywords

Common Weakness Enumeration, Semantic Template, Software Fault Pattern, Static Analysis Tool, Formalization

Citation

Wu, Y. , Yesha, Y. , Bojanova, I. and Black, P. (2016), They Know Your Weaknesses – Do You?: Reintroducing Common Weakness Enumeration, Computer: Special Issue on Software Testing, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=914324 (Accessed July 27, 2021)
Created May 1, 2016, Updated May 4, 2021