CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities
New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > Community >  
ID

Working Groups (WGs) and Special Interest Groups (SIGs)

You may request to join any WG, SIG, or Email Collaboration List included on this page by emailing [email protected]. We look forward to hearing from you!


CWE Community WGs and SIGs

Artificial Intelligence Working Group (AI WG)

The AI WG was established by CWE™ and CVE® community stakeholders to identify and address gaps in the CWE corpus where AI-related weaknesses are not adequately covered, and work collaboratively to fix them.

Request Information/Join


Hardware CWE Special Interest Group (HW CWE SIG)

The HW CWE SIG offers a forum for researchers and representatives from organizations operating in hardware design, manufacturing, and security to interact, share opinions and expertise, and leverage each other’s experiences in supporting the continued growth and adoption of CWE as a common language for defining hardware security weaknesses. The objective of the HW CWE SIG is to establish a stakeholder community for discussing HW CWE content and explore further cross-organizational collaboration opportunities.

Fact Sheet | GitHub Repository | Request Information/Join


Root Cause Mapping Working Group (RCM WG)

The RCM WG was established by CVE® and CWE™ community stakeholders (e.g., Intel, Microsoft, Red Hat, Rapid 7, CISA, HSSEDI) with the purpose of determining how to improve and scale accurate root cause mapping. Specifically, the working group is exploring the feasibility of an effective decentralized root cause mapping ecosystem.

GitHub Repository | Request Information/Join


User Experience Working Group (UEWG)

The UEWG is working to develop strategies and solutions for improving how CWE weaknesses are presented, optimizing CWE content, and educating end users.

Fact Sheet | GitHub Repository | Request Information/Join


Email Collaboration Lists

While there is support for ad-hoc working meetings, the following function primarily as mailing lists.

ICS/OT Special Interest Group (ICS/OT SIG)

The ICS/OT SIG email discussion list offers a forum for researchers and technical representatives from organizations operating in industrial control systems (ICS) and operational technology (OT) design, manufacturing, and security to interact, share opinions and expertise, and leverage each other’s experiences in supporting continued growth and adoption of CWE as a common language for defining ICS/OT security weaknesses.

Fact Sheet | GitHub Repository | Join Email List


REST API Working Group (REST API WG)

The REST API WG collaborates via the REST API WG email discussion list. The objective of the REST API WG is to ease the interface between security software and hardware architects, EDA tool developers, verification engineers concerned about mitigating security risks in their products; and the databases themselves, by designing a RESTful API. The CWE REST API is available here.

Fact Sheet | GitHub Repository | Join Email List


CWE Research Discussion

The CWE Research Discussion Email List is a lightly moderated public forum to discuss CWE definitions, suggest potential definition expansion(s), and/or submit new definitions. General discussion of the vulnerabilities themselves is also welcome.

Discussion Archive | Registration Form

Back to top
Page Last Updated: February 11, 2025
 

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.