They Know Your Weaknesses – Do You?: Reintroducing Common Weakness Enumeration

Published

Author(s)

Yan Wu, Yaacov Yesha, Irena Bojanova, Paul E. Black

Abstract

Knowing what makes your software systems vulnerable to attacks will be exceptionally critical in the emerging future of interdependent clouds, cyber-physical systems, mobile apps, and big data sets. The Common Weakness Enumeration (CWE) is a respectable community effort that sets up the foundations for such knowledge. In this paper, we present the concept, history, and content of CWE. We discuss the relevant body of knowledge that consolidates CWE, the related Semantic Template and Software Fault Pattern efforts, and how static analysis tools add value through CWEs. We also provide future directions, introduce our vision of CWE formalization, and provoke further discussion of CWE's value not only for the Software Assurance community, but for Computer Science as a whole.

Citation

Computer: Special Issue on Software Testing

Keywords

Common Weakness Enumeration, Semantic Template, Software Fault Pattern, Static Analysis Tool, Formalization

Citation

Wu, Y., Yesha, Y., Bojanova, I. and Black, P. (2016), They Know Your Weaknesses – Do You?: Reintroducing Common Weakness Enumeration, Computer: Special Issue on Software Testing, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=914324 (Accessed April 25, 2024)
Created May 1, 2016, Updated May 4, 2021