A dictionary of software products defects is being made up

4th March 2007

In the near future specialized dictionary can be published, containing unified terms describing defects of software products. Now various companies specializing in the field of computer security, and independent researchers use different notions and definitions to describe the “gaps” in software. As a result, similar defects are often described in totally different languages. This makes it difficult to analyze the flaws and to get rid of them. The initiative of Common Enumeration Weakness (CWE) to create a dictionary of unified terms is precisely meant to solve the problem. The project of Common Enumeration Weakness, was created by the US Ministry of Internal Security. At present, according to the CNET News, CWE dictionary contains about 300 categories of software defects, such as, for example, "buffer overflow" and "format line error". Data for the dictionary is taken from many sources. Specialists analyze and correct information and adopt uniform definitions. In December last year, the participants of Common Enumeration Weakness project published the fifth draft version of the dictionary. Now they are working on the sixth one. However, the time of the final version release has not been named yet