CWEs vs CVEs, and How to Use Them
Episode 34
June 2, 2023

CWE: a common software weakness with standardized descriptors that could catalyze a vulnerability. CVE: a known public vulnerability associated with third-party software. Mark flies solo to explain the difference, how CVEs can help us at the prioritization stage, and how CWEs come into play further to the left as we correlate data across tools.
More tactics for AppSec Success are coming at AppSecCon 2023