MITRE has shared this year’s list of the top 25 most common and dangerous weaknesses impacting software throughout the previous two calendar years.
The software bugs can potentially expose the systems they’re running on to attacks that could enable threat actors to take control of affected devices, gain access to sensitive information, or trigger a denial- of-service condition.
“Many professionals who deal with software will find the CWE Top 25 a practical and convenient resource to help mitigate risk,” MITRE said. “This may include software architects, designers , developers, testers, users, project managers, security researchers, educators, and contributors to standards developing organizations (SDOs).
For creating the list, MITRE scored each weakness based on its prevalence and severity after analyzing data for 37,899 CVEs from NIST’s National Vulnerability Database (NVD) and CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
MITRE has also focused some attacks on older flaws patched years before, showing that some organizations fail to update their systems even after a patch is available.
