New CWE List of Common Security Weaknesses

MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the presentation of weaknesses into various views and adds a search function to enable easier navigation of the information.

The Cybersecurity and Infrastructure Security Agency (CISA) sponsors MITRE’s CWE program, which is a community-based initiative. CISA welcomes new partners to the CWE program. Visit to learn how to get involved.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No