MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.
Software weaknesses encompass a wide range of issues, including flaws, bugs, vulnerabilities, and errors in software solutions' code, architecture, implementation, or design.
Weaknesses can endanger the security of the systems on which the software is installed and running. They can provide an entry point for malicious actors attempting to gain control over affected devices, access sensitive data, or trigger denial-of-service states.
"These weaknesses lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working," CISA
warned today.
To create this list, MITRE scored each weakness based on its severity and prevalence after analyzing 43,996 CVE entries from NIST's National Vulnerability Database (NVD) for vulnerabilities discovered and reported across 2021 and 2022, and a focus on CVE records added to CISA's
Known Exploited Vulnerabilities (KEV) catalog.
