Secure Product Metrics
This page shows various metrics for the products developed and maintained by the Secure Stage.
We are actively supporting Common Weakness Enumeration (CWE) as a standard vulnerability classification system and a common language to discuss software weaknesses.
Using CWE as a foundation has several advantages:
- CWE is a comprehensive and well-documented system and can be considered a de facto standard for discussing software weaknesses.
- CWE provides mappings to other vulnerability classification systems and/or rankings (such as OWASP Top 10).
- CWE provides a stable ontology: definitions can be added but existing definitions do not change (unlike OWASP rankings).
CWE is a hierarchical system with an ontology that is organized in a tree structure where a parent CWE is more general than its child; a child CWE captures a vulnerability in more specific terms than its parent.
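The following added example (not part of the original page or of the Secure Stage's tooling) shows how the parent/child structure lets a metric be reported at any level of generality: each finding is counted for its own CWE and for every ancestor. The `PARENT` map is a small hand-picked subset of ChildOf relationships from the CWE Research Concepts view, and the function names and sample findings are constructed for illustration.

```python
from collections import Counter

# Assumption: a small subset of ChildOf relationships from the CWE
# Research Concepts view (CWE-1000); each child has one parent here.
PARENT = {
    89: 943,  # SQL Injection -> Improper Neutralization in Data Query Logic
    943: 74,  # Data Query Logic -> Injection
    79: 74,   # Cross-site Scripting -> Injection
    78: 77,   # OS Command Injection -> Command Injection
    77: 74,   # Command Injection -> Injection
    74: 707,  # Injection -> Improper Neutralization
}

def ancestors(cwe_id):
    """Return [cwe_id, parent, grandparent, ...] up to the most general known CWE."""
    chain, seen = [cwe_id], {cwe_id}
    while chain[-1] in PARENT:
        nxt = PARENT[chain[-1]]
        if nxt in seen:  # guard against a malformed (cyclic) mapping
            raise ValueError(f"cycle detected at CWE-{nxt}")
        seen.add(nxt)
        chain.append(nxt)
    return chain

def is_covered_by(specific, general):
    """True if `general` is `specific` itself or one of its ancestors."""
    return general in ancestors(specific)

def rollup(findings):
    """Count each finding for its own CWE and for every ancestor CWE."""
    totals = Counter()
    for cwe_id in findings:
        for node in ancestors(cwe_id):
            totals[node] += 1
    return totals

# Constructed sample: CWE ids reported by hypothetical scanner findings.
# CWE-20 has no parent in the subset above, so it rolls up only to itself.
SAMPLE_FINDINGS = [89, 89, 79, 78, 77, 20]

if __name__ == "__main__":
    for cwe_id, count in sorted(rollup(SAMPLE_FINDINGS).items()):
        print(f"CWE-{cwe_id}: {count}")
```

A finding tagged with the general CWE-77 and one tagged with the more specific CWE-78 both contribute to the CWE-74 total, so tools that classify at different levels of detail remain comparable.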