{"id":53356,"date":"2013-08-12T13:02:55","date_gmt":"2013-08-12T13:02:55","guid":{"rendered":"https:\/\/www.checkmarx.com\/?post_type=glossary&#038;p=3478"},"modified":"2026-02-10T12:28:19","modified_gmt":"2026-02-10T10:28:19","slug":"cwe-2","status":"publish","type":"learn","link":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/","title":{"rendered":"CWE"},"content":{"rendered":"<p style=\"text-align: justify\">The Common Weakness Enumeration Specification, shortened as CWE, is a formal list\u00a0of common, real-world software vulnerabilities that offers one common language to all the different entities developing and securing software. CWE&#8217;s ultimate goal is to help the security testing industry mature in their application security programs and the security testing of their projects.<\/p>\n<p style=\"text-align: justify\">The CWE is written in one common language to incl for the causes of security vulnerabilities found in software and applications. It\u2019s a community project which is contributed to and designed by developers and software engineers alike from around the world.<\/p>\n<p style=\"text-align: justify\">CWE focuses on several areas of software development for enterprise-level entities. One area is where Software Assurance and resources are dedicated to ensuring that the supply chain for software is protected from vulnerabilities. 
This looks at incrementally improving approaches to software assurance that reduce risk and the chance of new code being exposed to known problems.<\/p>\n<p style=\"text-align: justify\">Each CWE entry drills down into the specifics, including a description summary, the point at which the weakness can be introduced, the coding languages and platforms which could be affected, the most common consequences, real-life examples, relationships to other CWE entries and more.<\/p>\n<p style=\"text-align: justify\">Like\u00a0<a href=\"https:\/\/checkmarx.com\/glossary\/cve-2\/\">CVE<\/a>, the CWE is maintained by the MITRE Corporation and can be used as a benchmark to test security testing tools against each other. In fact, the CWE was created as a kind of supplement for the CVE, filling in the (many) gaps left up in the air with CVE entries.<\/p>\n<p style=\"text-align: justify\">CWE has also published guidelines on\u00a0secure development practices. Risk management for the supply chain is also tackled with an in-depth briefing to better adapt the chain to reduce risks to code. Furthermore, there\u2019s a focus on code analysis with a briefing paper from the Software and Supply Chain Assurance branch of the Department of Homeland Security.<\/p>\n<p style=\"text-align: justify\">Yet another part of the CWE project\u00a0is guidelines for\u00a0assessment and remediation tools for use in secure software development for platform management, static analysis, real-time threat prevention and more. 
Users can also access the full national vulnerability database, which includes a comprehensive listing of known remedies for CWE\u00a0vulnerabilities.<\/p>","protected":false},"author":84,"featured_media":106862,"parent":0,"menu_order":0,"template":"","meta":{"_acf_changed":false,"footnotes":""},"learn-cat":[1489],"class_list":["post-53356","learn","type-learn","status-publish","has-post-thumbnail","hentry","learn-cat-open-source-security"],"acf":[],"yoast_head_json":{"title":"CWE","description":"Common Weakness Enumeration (CWE) - Designed to deliver a definition of different types of weaknesses in software applications & development","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/","og_locale":"en_US","og_type":"article","og_title":"CWE","og_description":"Common Weakness Enumeration (CWE) - Designed to deliver a definition of different types of weaknesses in software applications & development","og_url":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2026-02-10T10:28:19+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/03\/open-source-security.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/"},"author":{"name":"Avi Hein","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79"},"headline":"CWE","datePublished":"2013-08-12T13:02:55+00:00","dateModified":"2026-02-10T10:28:19+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/"},"wordCount":356,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/03\/open-source-security.webp","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/","url":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/","name":"CWE","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/03\/open-source-security.webp","datePublished":"2013-08-12T13:02:55+00:00","dateModified":"2026-02-10T10:28:19+00:00","description":"Common Weakness Enumeration (CWE) - Designed to deliver a definition of different types of weaknesses in software applications & 
development","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/learn\/open-source-security\/cwe-2\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/03\/open-source-security.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/03\/open-source-security.webp","width":1200,"height":600},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79","name":"Avi 
Hein","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","caption":"Avi Hein"},"url":"https:\/\/checkmarx.com\/author\/avihein\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn\/53356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/learn"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/84"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn\/53356\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/106862"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=53356"}],"wp:term":[{"taxonomy":"learn-cat","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn-cat?post=53356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}