Mark E. Haase edited this page Jun 18, 2024 · 4 revisions

The CWE Calculator enables software development teams to score and prioritize discovered weaknesses empirically based on data in the National Vulnerability Database (NVD). You can customize the calculator in several ways, including timeboxing, CWE normalization, and supplying CVSS environmental modifiers.

The calculator is available in three forms:

  1. Command line tool. Query CWE scores from a command line interface that uses local configuration and cached data. Read more...
  2. Web service. Submit CWE queries to a web service in JSON format, which can be helpful in CI/CD setups because the calculator needs to download and cache a significant amount of data. Read more...
  3. Python library. Create your own bespoke solution that calls directly into the Python library that powers both the command line client and the web service. The library has a simple interface that you can learn by reviewing the code for the command line tool.

This work was inspired by the methodology behind the CWE Top 25.
