We have released a new version (1.3) of the Security Plugin for SonarCloud™.
This version adds support for the CWE Top 25 (2023) in PDF generation.
The latest “2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses” (CWE Top 25) list was released
on June 21, 2023, on the CWE website.
The CWE Top 25 is calculated by analyzing public vulnerability data in the National Institute of Standards and
Technology’s (NIST) U.S. National Vulnerability Database (NVD) for root cause mappings to CWE weaknesses for the
previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often
exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.
The 2023 CWE Top 25 also incorporates updated weakness data for recent Common Vulnerabilities and Exposures (CVE®)
records in the dataset that are part of the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited
Vulnerabilities (KEV) Catalog.
2023 CWE Top 25 from MITRE
Trend analysis on vulnerability data like this enables organizations to make better investment and policy decisions
in vulnerability management. Many professionals who deal with software will find the CWE Top 25 a practical and
convenient resource to help mitigate risk.
New features and changes:
– Added support for 2023 CWE Top 25.
Download the latest version
The Report for SonarCloud is now available for download via the product download page.
Get your free trial and verify your code today!