Identifying the Most Dangerous Common Software and Hardware Weaknesses and Vulnerabilities – The CWE Top 25 (2020 Edition)

So far, there has not been a perfect solution to ridding the world of software and hardware weaknesses. Keeping up to date with which weaknesses are most common and impactful can be a daunting task. Thankfully, a list has been made to do just that: the Common Weakness Enumeration (CWE) Top 25. The CWE Top 25 is a community-developed list of the most dangerous common software and hardware weaknesses that are often easy to find and exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working.

Overview

Below is an overview of the 2020 CWE Top 25 list.

Figure 1 Top 25 CWE 2020

The CWE team created the 2020 list by leveraging the CVE data found within the National Vulnerability Database (NVD) and the CVSS scores associated with each CVE. They created a formula to rank the weaknesses by frequency and impact. First, they generated a normalized count of how many CVEs reference each CWE. Then they normalized the average CVSS score for the vulnerabilities associated with each CWE. The results were multiplied together and then by 100 to create a score out of 100.

Limitations

The CWE Top 25 is not perfect. It is still subject to several limitations of the data-driven approach.

Data Bias

CWE sources data from NVD, which doesn't cover all vulnerabilities. There are numerous vulnerabilities that have not yet been given a CVE ID, and therefore are excluded from the approach. An example would be if a vulnerability was found and fixed before being publicly disclosed. Th ..
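The ranking formula described above, worked through as an added example that is not from the original article or the CWE team's own tooling. It assumes min-max normalization (the text says only "normalized"), takes the severity bounds over all CVSS scores in the sample, and uses constructed CVE records with placeholder IDs.

```python
from collections import defaultdict

# Constructed sample: (placeholder CVE ID, mapped CWE, CVSS base score).
SAMPLE_CVES = [
    ("CVE-A", "CWE-79", 6.1), ("CVE-B", "CWE-79", 5.4),
    ("CVE-C", "CWE-79", 6.1), ("CVE-D", "CWE-79", 4.8),
    ("CVE-E", "CWE-787", 9.8), ("CVE-F", "CWE-787", 8.8),
    ("CVE-G", "CWE-787", 7.8),
    ("CVE-H", "CWE-89", 9.8), ("CVE-I", "CWE-89", 8.8),
    ("CVE-J", "CWE-352", 8.8),
]


def min_max(value, lo, hi):
    """Scale value into [0, 1]; a degenerate range (hi == lo) maps to 0."""
    return 0.0 if hi == lo else (value - lo) / (hi - lo)


def rank_cwes(cves):
    """Return [(cwe, score out of 100)] sorted by score, highest first."""
    by_cwe = defaultdict(list)
    for _cve_id, cwe, cvss in cves:
        by_cwe[cwe].append(cvss)
    if not by_cwe:
        return []

    counts = {cwe: len(scores) for cwe, scores in by_cwe.items()}
    all_scores = [cvss for _, _, cvss in cves]
    lo_n, hi_n = min(counts.values()), max(counts.values())
    lo_s, hi_s = min(all_scores), max(all_scores)

    ranked = []
    for cwe, scores in by_cwe.items():
        # Step 1: normalized count of CVEs that reference this CWE.
        frequency = min_max(counts[cwe], lo_n, hi_n)
        # Step 2: normalized average CVSS score for this CWE.
        severity = min_max(sum(scores) / len(scores), lo_s, hi_s)
        # Step 3: multiply together, then by 100.
        ranked.append((cwe, round(frequency * severity * 100, 2)))
    return sorted(ranked, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for cwe, score in rank_cwes(SAMPLE_CVES):
        print(f"{cwe:8} {score:6.2f}")
```

In this sample the most frequently mapped weakness does not rank first because its average severity is low, and the least frequently mapped one scores 0 whatever its CVSS average, which is a property of min-max scaling.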
