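CWE is a community-developed list of common software and hardware weakness types that have security implications. A "weakness" is a flaw, fault, bug, or other error in software or hardware implementation, code, design, or architecture that, if left unaddressed, could leave systems, networks, or hardware vulnerable to attack. The CWE List and its associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.
Aimed at the development and security practitioner communities, CWE's main goal is to stop vulnerabilities at the source by educating software and hardware architects, designers, programmers, and acquirers on how to eliminate the most common mistakes before products are delivered. Ultimately, using CWE helps prevent the kinds of security vulnerabilities that plague the software and hardware industries and put enterprises at risk.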
Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weakness types that have security ramifications. “Weaknesses” are flaws, faults, bugs, or other errors in software or hardware implementation, code, design, or architecture that if left unaddressed could result in systems, networks, or hardware being vulnerable to attack. The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.
Targeted at both the development and security practitioner communities, the main goal of CWE is to stop vulnerabilities at the source by educating software and hardware architects, designers, programmers, and acquirers on how to eliminate the most common mistakes before products are delivered. Ultimately, use of CWE helps prevent the kinds of security vulnerabilities that have plagued the software and hardware industries and put enterprises at risk.
CWE helps developers and security practitioners to:
Describe and discuss software and hardware weaknesses in a common language.
Check for weaknesses in existing software and hardware products.
Evaluate coverage of tools targeting these weaknesses.
Leverage a common baseline standard for weakness identification, mitigation, and prevention efforts.
Prevent software and hardware vulnerabilities prior to deployment.