AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
835 conversion software3/11/2024 NVD analysts score CVEs using CWEs from different levels of the hierarchical structure. NVD integrates CWE into the scoring of CVE vulnerabilities by providing a cross section of the overall CWE structure. Clicking the image to the right will open an enlarged version for viewing. The image to the right represents a portion of the overall CWE structure, the red boxes represent the CWEs being used by NVD. ) provide a finer granularity and usually have fewer or no children CWEs. CWEs at deeper levels in the structure (i.e. ) provide a broad overview of a vulnerability type and can have many children CWEs associated with them. CWEs located at higher levels of the structure (i.e. A detailed CWE list is currently available at the MITRE website this list provides a detailed definition for each individual CWE.Īll individual CWEs are held within a hierarchical structure that allows for multiple levels of abstraction. CWE is currently maintained by the MITRE Corporation. Each individual CWE represents a single vulnerability type. The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture.
0 Comments
Read More
Leave a Reply. |