CWE vs CVE

CWE and CVE are the two most used terms in the application security space. But, unfortunately, these two terms are the most confusing terms too for application security folks both for developers and security practitioners.

So, let’s demystify these!

CWE stands for “Common Weakness Enumeration”.

CVE stands for “Common Vulnerabilities & Exposures”.

Roughly, we can say that CWE is the cause and CVE is its effect. Let me explain this.

CWE focuses on a type of mistake or weakness that can be exploited with suitable conditions to produce a vulnerability in a product but CWE has no focus on vulnerabilities rather it has the main focus on mistakes that can occur in implementation, design or other phases of a product lifecycle.

A vulnerability is an occurrence of one or more such weaknesses within a product, in which the weakness can be used by a party to cause the product to modify or access unintended data, interrupt proper execution, or perform actions that were not specifically granted to the party who uses the weakness.

The below picture can help you to understand more about the differences between CWE and CVE.

I am looking forward to discussing more on this and knowing your thoughts and feedback.

Related posts:

Big data analytics is an amazing tool at the epicenter of the digital revolution. But it’s not foolproof. Here’s how successful companies deal with its potential drawbacks. Big data has a lot to…

The day-to-day activities highly depend on the online platform and web designs. Meaning 40.5% of the world’s population is using IT infrastructure. The figure keeps on increasing day by day. So, why…

This is what happened. I don’t want to admit it. It may seem like a code to you, or maybe you already know this language. I hope that you aren’t fluent in this language, the language that seeks the…