Security-Database is now CWE Compatible !

This agreement mean that our work on standards is now officially recognize by those how write them ;) Mitre. It’s a lot of work, and an achievement for those long days and nights working on Security-Database.

Common Weakness Enumeration (CWE™) is a formal list or dictionary of common software weaknesses that can occur in software’s architecture, design, code or implementation that can lead to exploitable security vulnerabilities. CWE was created to serve as a common language for describing software security weaknesses; serve as a standard measuring stick for software security tools targeting these weaknesses; and to provide a common baseline standard for weakness identification, mitigation, and prevention efforts.

"CWE-compatible" means that a tool, Web site, database, or other security product or service uses CWE names in a manner that allows it to be cross-referenced with other products that employ CWE names. CWE-compatible means:

• CWE Searchable : users may search security elements using CWE identifiers.
• CWE Output : security elements presented to users includes, or allows users to obtain, associated CWE identifiers
• Mapping Accuracy : security elements accurately link to the appropriate CWE identifiers
• CWE Documentation : capability’s documentation describes CWE, CWE compatibility, and how CWE-related functionality in the capability is used
• CWE Coverage : for CWE-Effectiveness, capability’s documentation explicitly lists the CWE identifiers that the capability is effective at locating in software
• CWE Test Results : for CWE-Effectiveness, test results from the capability showing the results of assessing software for the CWEs are posted on the CWE Web site

Also, thanks to all our fans/members/followers and visitors who give us the strength to work on Security-Database.

The Team