Merge pull request #23 from ossf/cwe

GeauxJD · web-flow · commit 2eda76793408 · 2025-04-03T16:07:56.000-04:00
Add CWE
diff --git a/content/en/common-weakness-enumeration.md b/content/en/common-weakness-enumeration.md
@@ -0,0 +1,26 @@
+---
+title: Common Weakness Enumeration (CWE)
+status: Completed
+category: concept
+tags: ["fundamental", "", ""]
+---
+
+"Common Weakness Enumeration (CWE™) is a community-developed list
+of common software and hardware weaknesses. A “weakness” is a
+condition in a software, firmware, hardware, or service component
+that, under certain circumstances, could contribute to the introduction
+of vulnerabilities."
+
+Examples of CWEs are:
+
+* "Improper Neutralization of Input During Web
+  Page Generation ('Cross-site Scripting')" (CWE-79),
+* "Out-of-bounds Write" (CWE-787)
+* "Improper Neutralization of Special Elements used in an SQL Command
+  ('SQL Injection')" (CWE-89)
+
+Each CWE identifies a *type* of vulnerability.
+A specific vulnerability in a specific product, once publicly known,
+would receive a *CVE* identifier (not a CWE identifier).
+
+Source: https://cwe.mitre.org/about/index.html
diff --git a/wordlist.txt b/wordlist.txt
@@ -57,6 +57,8 @@ CSP
 CSPM
 csrc
 customizable
+CWE
+CWEs
 CVE
 CVSS
 cwe

-Original file line number
+Diff line change
 CSPM
 csrc
 customizable
 +CWE
 +CWEs
 CVE
 CVSS
 cwe