They Know Your Weaknesses – Do You?: Reintroducing Common Weakness Enumeration
Yan Wu, Yaacov Yesha, Irena Bojanova, Paul E. Black
Knowing what makes your software systems vulnerable to attacks will be exceptionally critical in the emerging future of interdependent clouds, cyber-physical systems, mobile apps, and big data sets. The Common Weakness Enumeration (CWE) is a respectable community effort that sets up the foundations for such knowledge. In this paper, we present the concept, history, and content of CWE. We discuss the relevant body of knowledge that consolidates CWE, the related Semantic Template and Software Fault Pattern efforts, and how static analysis tools add value through CWEs. We also provide future directions, introduce our vision on CWE formalization, and provoke further discussions on CWE value not only for the Software Assurance community, but for Computer Science as a whole.
Wu, Y., Yesha, Y., Bojanova, I. and Black, P., They Know Your Weaknesses – Do You?: Reintroducing Common Weakness Enumeration, Computer: Special Issue on Software Testing, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=914324 (Accessed July 27, 2021)