Security Report For SonarCloud 1.3: Added CWE Top 25 of 2023
September 6, 2023
We have released a new version (1.3) of the Security Plugin for SonarCloud™.
The version adds support for CWE Top 25 (2023) for PDF generation.
The latest “2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses” (CWE Top 25) list was released on June 21, 2023, on the CWE website.
The CWE Top 25 is calculated by analyzing public vulnerability data in the National Institute of Standards and Technology’s (NIST) U.S. National Vulnerability Database (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.
The 2023 CWE Top 25 also incorporates updated weakness data for recent Common Vulnerabilities and Exposures (CVE®) records in the dataset that are part of Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities Catalog (KEV).
Trend analysis on vulnerability data like this enables organizations to make better investment and policy decisions in vulnerability management. Many professionals who deal with software will find the CWE Top 25 a practical and convenient resource to help mitigate risk.
New features and changes:
– Added support for 2023 CWE Top 25.
Download the latest version
The Report for SonarCloud is now available for download via product download page.
Get your free trial and verify your code today!
bitegarden team
Helping companies to develop better software