The CWE can be a useful reference to use when performing medical device software risk management and security vulnerability analysis. The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. Each individual CWE represents a single vulnerability type. CWE is currently maintained by the MITRE Corporation with support from the National Cyber Security Division (DHS).
A detailed CWE list is currently available at the MITRE website. This list provides a detailed definition for each individual CWE: NVD CWE Slice.