1. They Know Your Weaknesses--Do You?: Reintroducing Common Weakness Enumeration.
- Author
- Yan Wu, Yesha, Yaacov, and Bojanova, Irena
- Subjects
- *COMPUTER security, *COMPUTER software
- Abstract
- Knowing what makes your software systems vulnerable to attacks is critical, as software vulnerabilities hurt security, reliability, and availability of the system as a whole. The Common Weakness Enumeration (CWE), a community effort that provides the foundation for such knowledge, is not sufficient, accurate and precise enough to serve as the common language measuring stick and provide a common baseline for developers and security practitioners. In this article, we introduce the relevant body of knowledge that consolidates CWE, including the Semantic Template and Software Fault Pattern efforts, and how static analysis tools add value through CWEs. We also provide future directions, present our vision on CWE formalization, and discuss the value of CWE for not only software assurance community, but also for Computer Science. [ABSTRACT FROM AUTHOR]
- Published
- 2016