They Know Your Weaknesses – Do You?: Reintroducing Common Weakness Enumeration



Yan Wu, Yaacov Yesha, Irena Bojanova, Paul E. Black


Knowing what makes your software systems vulnerable to attacks will be exceptionally critical in the emerging future of interdependent clouds, cyber-physical systems, mobile apps, and big data sets. The Common Weakness Enumeration (CWE) is a respectable community effort that sets up the foundations for such knowledge. In this paper, we present the concept, history, and content of CWE. We discuss the relevant body of knowledge that consolidates CWE, the related Semantic Template and Software Fault Pattern efforts, and how static analysis tools add value through CWEs. We also provide future directions, introduce our vision on CWE formalization, and provoke further discussions on CWE's value not only for the Software Assurance community, but for Computer Science as a whole.
Computer: Special Issue on Software Testing


Common Weakness Enumeration, Semantic Template, Software Fault Pattern, Static Analysis Tool, Formalization


Wu, Y., Yesha, Y., Bojanova, I. and Black, P. (2016), They Know Your Weaknesses – Do You?: Reintroducing Common Weakness Enumeration, Computer: Special Issue on Software Testing, [online], (Accessed July 19, 2024)


Created May 1, 2016, Updated May 4, 2021