2023 CWE Top 25 is now available!

We have released a new version (2.17) of the Security Plugin for SonarQube™.

This version adds support for the CWE Top 25 (2023) in both sections: the SonarQube UI and PDF generation.

The latest “2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses” (CWE Top 25) list was released on June 21, 2023, on the CWE website.

The CWE Top 25 is calculated by analyzing public vulnerability data in the National Institute of Standards and Technology’s (NIST) U.S. National Vulnerability Database (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.

The 2023 CWE Top 25 also incorporates updated weakness data for recent Common Vulnerabilities and Exposures (CVE®) records in the dataset that are part of the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog.


2023 CWE Top 25 from MITRE

Trend analysis on vulnerability data like this enables organizations to make better investment and policy decisions in vulnerability management. Many professionals who deal with software will find the CWE Top 25 a practical and convenient resource to help mitigate risk.

Check out this sample project on our demo instance.

New features and changes:

– Added support for 2023 CWE Top 25.

Download the new version

The Security Plugin is now available for download via the Universal Plugin Manager or from the product download page.

Get your free trial and verify your code today!


bitegarden team

Helping companies to develop better software
