The Difference Between CWE and CVE

July 19, 2014

MITRE is a government-funded organization that puts out standards to be used by the information security community. Two of the most popular of these are CWE and CVE, and they’re often confused by security practitioners. Here’s the simple distinction:

  • CWE stands for Common Weakness Enumeration, and has to do with the type of vulnerability (the underlying flaw), not the instance within a product or system.

  • CVE stands for Common Vulnerabilities and Exposures, and has to do with the specific instance within a product or system—not the underlying flaw.
