CWE vs CVE

CWE and CVE are the two most used terms in the application security space. But, unfortunately, these two terms are the most confusing terms too for application security folks both for developers and security practitioners.

So, let’s demystify these!

CWE stands for “Common Weakness Enumeration”.

CVE stands for “Common Vulnerabilities & Exposures”.

Roughly, we can say that CWE is the cause and CVE is its effect. Let me explain this.

CWE focuses on a type of mistake or weakness that can be exploited with suitable conditions to produce a vulnerability in a product but CWE has no focus on vulnerabilities rather it has the main focus on mistakes that can occur in implementation, design or other phases of a product lifecycle.

A vulnerability is an occurrence of one or more such weaknesses within a product, in which the weakness can be used by a party to cause the product to modify or access unintended data, interrupt proper execution, or perform actions that were not specifically granted to the party who uses the weakness.

The below picture can help you to understand more about the differences between CWE and CVE.

I am looking forward to discussing more on this and knowing your thoughts and feedback.

Related posts:

Slow travel refers to an approach to traveling that focuses on getting to know and connecting with the people, place, cuisine and neighbourhood that you are spending time in. It often means spending…

Th drinks are splashing, we all wasted, we in a state that we all “shit-faceted-” thanks Eminem. However, there is an etiquette that we must follow, when we enter the jungle of the Dancefloor. We all…