CWEs vs CVEs, and How to Use Them

Episode 34 June 2, 2023
CWE: a common software weakness with standardized descriptors that could catalyze a vulnerability. CVE: a known public vulnerability associated with third-party software. Mark flies solo to explain the difference, how CVEs can help us at the prioritization stage, and how CWEs come into play further to the left as we correlate data across tools.
