Cwe Top 25 Most Dangerous Software Errors List

CWE Top 25

The CWE Top 25 Most Dangerous Software Errors List is a free, easy to use community resource that identifies the most widespread and critical programming errors that can lead to serious software vulnerabilities. These weaknesses are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

First released in 2009, the CWE Top 25 was at that time constructed by aggregating survey responses from a wide selection of developers, security analysts, researchers, and vendors who nominated weaknesses they considered to be the most prevalent or important to determine a ranking. The 2010 and 2011 releases also followed this approach, but it remained labor-intensive and subjective. In 2019, a new data-driven approach was undertaken that is repeatable and can be scripted to generate a CWE Top 25 list on a regular basis with minimal effort. The 2019 CWE Top 25 uses real-world vulnerability data from the U.S. National Vulnerability Database (NVD), combining frequency and an average Common Vulnerability Scoring System (CVSS) score to determine a rank order.

Today, the CWE Top 25 is used by software developers, software testers, software customers, software project managers, security researchers, and educators to provide insight into some of the most prevalent security threats in the software industry.

Copied from