Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software. The dictionary is maintained by the MITRE Corporation and can be accessed free on a worldwide basis. The purpose of CWE is to facilitate the effective use of tools that can identify, find and resolve bugs, vulnerabilities and exposures in computer software before the programs are publicly distributed or sold.
CWE has been assembled in three levels called tiers. The top tier divides known weaknesses into a few large, general classes for discussion among enterprise management people, academics, researchers and vendors. The middle tier consists of several dozen groups of definitions categorized for use by security experts, system administrators and software developers. The lower tier is the full list, intended for people at all levels including personal computer (PC) users. The entries in CWE are numbered for reference.
CWE is compiled and updated by a diverse, international group of experts from business, academic institutions and government agencies, ensuring breadth and depth of content. CWE provides standardized terminology, allows service providers to inform users of specific potential weaknesses and proposed resolutions, allows software buyers to compare similar products offered by multiple vendors and allows legal personnel to formalize contracts, terms and conditions relevant to software use.