Home » Blog » Tags » cwetop25

cwetop25

CWE Top 25 2022. Review of changes

By Andrey Karpov | Jul 20, 2022 10:43 AM | Tags: sast devsecops cwetop25 cwe25 cwe

The CWE Top 25 list reflects the most serious software security weaknesses. I invite you to read the updated top list to become aware of the changes happened over the past year.

CWE Top 25 2022. Review of changes

by Mikhail Gelvih

From the article:

Below is a table of correspondence between the CWE Top 25 2022 list and the PVS-Studio diagnostic rules, divided by programming languages. You can always check the most up-to-date table with CWE Top 25 coverage on our website.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

By Andrey Karpov | Sep 29, 2021 01:23 PM | Tags: static analysis sast pvs-studio devtool cwetop25 cwe cvss common weakness enumeration

For the first time PVS-Studio provided support for the CWE classification in the 6.21 release. It took place on January 15, 2018. Years have passed since then and we would like to tell you about the improvements related to the support of this classification in the latest analyzer version.

CWE Top 25 2021. What is it, what is it for and how is it useful for static analysis?

by Mikhail Gelvih

From the article:

We have been using the CWE classification for PVS-Studio diagnostics for more than three years. Their number increases every year. In 2018, we covered only 94 points on the CWE list. Now it's almost 130. However, this article isn't about the total number of diagnostics. Let's talk about those that are included in the list of the most dangerous diagnostics in 2021. If you want to read the full list, you can get it in the "CWE compliance" section of our documentation.