ITU-T X.1524 PDF

This Recommendation on the use of the common weakness enumeration (CWE) provides a "structured means" for the global exchange of information about software security weaknesses in architecture, design, code, or deployment that can make software systems insecure, unreliable and vulnerable to attack. Security tools, assessment services, and some types of security reviews can detect these types of software weaknesses. This "structured means" is often referred to as "CWE Compatibility" and defines the correct use of CWE. An information security weakness is a mistake in the software that could result in a vulnerability that can be used by a hacker to gain access to a system or network. The assignment of CWE identifiers is not within the scope of this Recommendation. A list of repositories for CWE identifiers and the associated context information is available in Appendix I.

The intention of CWE, the use of which is defined in this Recommendation, is to be comprehensive with respect to the software architecture, design, coding, and deployment errors that are the root causes of vulnerabilities and exposures. While CWE is designed to contain mature information, the primary focus is on identifying, educating, and describing these root causes of vulnerabilities and exposures so they can be avoided by developers, tested for, and managed by development teams as well as consistently reported by security tools and services.

This Recommendation is technically equivalent to and compatible with the "Requirements and Recommendation for CWE Compatibility and Effectiveness", version 1.0, dated July 28, 2011 https://cwe.mitre.org/compatible/requirements.html.