Abstract
CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. It assigns a unique number to weakness types such as buffer overruns or cross-site scripting bugs (for example, CWE- 327 is Use of a Broken or Risky Cryptographic Algorithm). Shortly after the Top 25 list's release, Microsoft unveiled a document entitled, The Microsoft SDL and the CWE/SANS Top 25, to explain how Microsoft's security processes can help prevent the worst offenders (http://blogs.msdn.com/sdl/ archive/2009/01/27/sdl-and-the -cwe-sans-top-25. aspx).
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
