Referenced Items are not available for this document.
CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. It assigns a unique number to weakness types such as buffer overruns or cross-site scripting bugs (for example, CWE- 327 is "Use of a Broken or Risky Cryptographic Algorithm"). Shortly after the Top 25 list's release, Microsoft unveiled a document entitled, "The Microsoft SDL and the CWE/SANS Top 25," to explain how Microsoft's security processes can help prevent the worst offenders (http://blogs.msdn.com/sdl/ archive/2009/01/27/sdl-and-the -cwe-sans-top-25. aspx).
Published in:
Security & Privacy, IEEE
(Volume:7
,
Issue:
3
)
Date of Publication: May-June 2009
- Page(s):
- 68 - 71
- ISSN :
- 1540-7993
- INSPEC Accession Number:
- 10712808
- Digital Object Identifier :
- 10.1109/MSP.2009.69
- Product Type:
- Journals & Magazines
- Date of Current Version :
- 02 June 2009
- Issue Date :
- May-June 2009
- Sponsored by :
- IEEE Computer Society
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
