If you’re an organization that cares about security and the repercussions that come with that, then you probably already know all about Common Weakness Enumeration (CWE). CWE is a community project sponsored by the MITRE Corporation.

As a software vendor providing security vulnerability detection, it’s important to be part of the CWE Compatibility Program.  This program identifies vendors that are officially CWE-compatible. This means you can count on the vendor to provide guidance in their product with respect to CWE identifiers, including direct links to the wealth of information that is kept up to date at  MITRE. Because of all the information available, it’s an absolute must have for any developer who is trying to understand any particular security vulnerability.

There are several stages to the CWE Compatibility Program, so make sure that your vendor is at the final stage so they can be deemed CWE-Compatible. You can either look for this logo or simply go to CWE-Compatible Products and Services to verify that your vendor of choice is listed there.

Coding StandardsCWESecuritySecurity Vulnerabilities

About the Author: Alen Zukich

Hello, I'm Klocwork's Director of Product Management responsible for the company's product direction. I’m an Electrical Engineering graduate and CSPO. I’ve been with Klocwork for over a decade now including the time before we spun out. My passion is in the development tools space, so expect content related to software development.