Apologies for the internal communications goof moments ago!
The CWE team heard from you about the difficulty in navigating the CWE corpus to identify specific, desired mapping information. As part of a longer effort, the CWE team has produced initial guidance materials that will help you identify the root cause CWE Entry for the respective CVE Records. Guidance for mapping vulnerabilities to weaknesses is now available on the “CVE → CWE Mapping Guidance” page on the CWE website.
This guidance is informed by two years of experience in analyzing and mapping thousands of CVE Records in NIST’s National Vulnerability Database (NVD) to CWEs for calculating the annual CWE Top 25 list. By aligning CVE Records to the most applicable CWE Entries, you will be in a better position to mitigate or eliminate your associated operational risk most effectively.
Other Useful Hierarchical Views – via “CWE View-1000: Research Concepts,” “CWE View-699: Software Development,” and “CWE View-1194: Hardware Design,” each of which is targeted at a specific hierarchical subset of CWEs.
Keyword Scraper – a CWE Program-developed script that parses NVD’s CVE descriptions to identify keywords; it is expected to be available to the public in the near future. Meanwhile, you can create your own customized scripts/tools to fit your specific needs using suggestions in Keyword Scraper.