论文信息 - Common weakness enumeration (CWE) status update

Common weakness enumeration (CWE) status update

This paper is a status update on the Common Weakness Enumeration (CWE) initiative [1], one of the efforts focused on improving the utility and effectiveness of code-based security assessment technology. As hoped, the CWE initiative has helped to dramatically accelerate the use of tool-based assurance arguments in reviewing software systems for security issues and invigorated the investigation of code implementation, design, and architecture issues with automation.

Robert A. Martin | Sean Barnum | Robert A. Martin | Sean Barnum

[1] Robert A. Martin. Being Explicit About Security Weaknesses , 2007 .

[2] Robert A. Martin,et al. The Case for Common Flaw Enumeration , 2005 .

[3] J. T. Lochner. The Journal of Defense Software Engineering , 1999 .