New Release: 2020 CWE Top 25 and CWE v4.2

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

New Release: 2020 CWE Top 25 and CWE v4.2


Dear CWE Global Community,


It is our pleasure to officially announce that the final “2020 CWE Top25 Most Dangerous Software Weaknesses” was published on our website on August 20th.


For the new list, CWE-related data was pulled directly from NVD for the calendar years 2018 and 2019 using both frequency and an average CVSS score to determine a rank order. The main advantage of this approach is that the Top 25 is an objective look at what we are actually seeing in the real-world.


The new Top 25 List, as well as a detailed breakdown of what has changed therein from last year’s iteration is here:


You may have seen some articles on the release and some buzz on social media. Here is a brief, early article on the release published by DHS via US-CERT at


At the same time of releasing the 2020 Top 25 List, we also published CWE 4.2, which includes the addition of 2 new views, 1 new SW weakness (CWE-1293: Missing Source Correlation of Multiple Independent Data), and fifteen new HW weaknesses. A detailed differences report of all changes can be found here:


We would love to hear from you! Please let us know your thoughts and feedback. We very much value your interest, participation, and engagement with CWE, and we look forward to your continued support. Thank you!



The CWE Team

Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426
MITRE - Solving Problems for a Safer World