Security-Database is now CWE Compatible !
Security-Database is very proud to announce that we are now Officially Register as "CWE-Compatible". You can reach the announce on the CVE Website here.
This agreement mean that our work on standards is now officially recognize by those how write them ;) Mitre. Itâ€™s a lot of work, and an achievement for those long days and nights working on Security-Database.
Common Weakness Enumeration (CWEâ„¢) is a formal list or dictionary of common software weaknesses that can occur in softwareâ€™s architecture, design, code or implementation that can lead to exploitable security vulnerabilities. CWE was created to serve as a common language for describing software security weaknesses; serve as a standard measuring stick for software security tools targeting these weaknesses; and to provide a common baseline standard for weakness identification, mitigation, and prevention efforts.
"CWE-compatible" means that a tool, Web site, database, or other security product or service uses CWE names in a manner that allows it to be cross-referenced with other products that employ CWE names. CWE-compatible means:
- CWE Searchable : users may search security elements using CWE identifiers.
- CWE Output : security elements presented to users includes, or allows users to obtain, associated CWE identifiers
- Mapping Accuracy : security elements accurately link to the appropriate CWE identifiers
- CWE Documentation : capability’s documentation describes CWE, CWE compatibility, and how CWE-related functionality in the capability is used
- CWE Coverage : for CWE-Effectiveness, capability’s documentation explicitly lists the CWE identifiers that the capability is effective at locating in software
- CWE Test Results : for CWE-Effectiveness, test results from the capability showing the results of assessing software for the CWEs are posted on the CWE Web site
Also, thanks to all our fans/members/followers and visitors who give us the strength to work on Security-Database.