CWE

The Common Weakness Enumeration (CWE) is a community-created catalog of software and hardware weakness types intended to provide a standardized vocabulary for describing, discussing, and addressing software defects. It is designed to help stakeholders—developers, security testers, educators, and managers—understand root causes of vulnerabilities, improve secure coding practices, and coordinate remediation efforts across tools and processes.

CWE is maintained by MITRE with input from a broad community of contributors. The catalog organizes weaknesses

In practice, CWE is used throughout the software development life cycle. It supports threat modeling, secure

CWE complements other security resources such as CAPEC for attack patterns and CVE for individual vulnerabilities.