Relationship with CWE (Common Weakness Enumeration)
CWE provides a comprehensive repository of known weaknesses, while the CERT® C Secure Coding standard identifies insecure coding constructs that may expose a weakness in the software.
Not all CERT® C coding guidelines map directly to weaknesses in the CWE, because some coding errors can manifest themselves in various ways that do not directly correlate to any given weakness. Similarly, not all weaknesses identified by CWE are present in the coding standard, as some are related to high-level design.
CWE is made up of a series of views, such as the dictionary view and the development view. The CWE-734 view enumerates weaknesses addressed by the CERT® C Secure Coding Standard and includes 103 out of the 799 total CWEs. Developers can fully or partially prevent the weaknesses identified in CWE-734 if they adhere to the CERT® coding standard.
PRQA's compliance module is certified CWE-compatible and provides extensive CWE mapping to find and fix security vulnerabilities in C- programming languages.