What is the CWE Top 25?
CWE (Common Weakness Enumeration) is a comprehensive list of over 800 programming errors, design errors, and architecture errors that can lead to exploitable vulnerabilities – more than just the Top 25. The CWE/SANS Top 25 Most Dangerous Software Errors is a shortened list of the most widespread and critical errors that can lead to serious vulnerabilities in software and that are often easy to find and exploit. These are the most dangerous weaknesses because they enable attackers to completely take over the software, steal data, or prevent the software from working at all.
Enforcing CWE Compliance with Static Analysis
Parasoft is certified CWE-Compatible, which means that Parasoft users can easily understand which static analysis checker is associated with which CWE during configuration, remediation, and reporting. Because of Parasoft's CWE-centric approach, you don't actually have to do anything special – just fix the violations and automatically generate what you need for compliance. Parasoft also assists prioritization (triage) and audit (suppress) activities by incorporating the CWE technical impact into the analytics hub.
As shown to the right, Parasoft's unique real-time feedback gives users a continuous view of compliance with the CWE by providing interactive compliance dashboards, widgets, and reports that have the CWE risk assessment framework implemented right within the dashboard itself.