CWE Top 25 Releases 2021 Update

In a release on July 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) announced that the Common Weakness Enumeration (CWE) Top 25 list has been updated from the previous 2020 version. The CWE Top 25 uses real-world data from the National Vulnerability Database (NVD) to identify the most dangerous current software weaknesses that can lead to serious vulnerabilities in software.

According to MITRE, the main difference between the 2020 and 2021 lists is “the continued transition to more specific weaknesses as opposed to abstract, class-level weaknesses.” MITRE estimates that Base-level CWEs now comprise ~71% of all Top 25 entries. The biggest movements up the list are identified as:

  1. CWE-276 (Incorrect Default Permissions): from #41 to #19
  2. CWE-306 (Missing Authentication for Critical Function): from #24 to #11
  3. CWE-502 (Deserialization of Untrusted Data): from #21 to #13
  4. CWE-862 (Missing Authorization): from #25 to #18
  5. CWE-77 (Improper Neutralization of Special Elements used in a Command (‘Command Injection’)): from #31 to #25

According to CISA, users and administrators are encouraged to “review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.”

The CWE Top 25 list is an invaluable tool for enhancing cybersecurity within medical systems. Tracking the trends in the most up-to-date version of the list allows cybersecurity processes to adapt and to review previously established systems against currently emerging threat trends.

Access the MITRE site at this link: https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
