Toward Precise and Accurate Descriptions of Weaknesses


MITRE's Common Weakness Enumeration (CWE) is a list of several hundred classes of weakness that may be found in software. While it is a huge step forward from what was available a decade ago, there is still a lot of work to do. We propose some directions to significantly improve CWEs. These directions draw on semantic templates, software fault patterns, and other work.