Building Bridges of Security, Sovereignty and Trust in Business and Industry 27th Edition | Page 18

Building Trust in the Security of Software
7 ACKNOWLEDGEMENTS
The views expressed in the OMG Journal of Innovation are the author's views and do not necessarily represent the views of their respective employers nor those of the Object Management Group® (OMG®).
© 2025 The OMG logo is a registered trademark of Object Management Group®. Other logos, products and company names referenced in this publication are property of their respective companies.
ANNEX A
A.1 COMMON WEAKNESS ENUMERATION REPOSITORY
The Common Weakness Enumeration (CWE) Repository maintained by MITRE Corporation (http://cwe.mitre.org/) is a collection of over 800 weaknesses in software architecture and source code that malicious actors have exploited to gain unauthorized access to systems or to trigger malicious behaviour.
The CWE Repository is a widely used industry source (http://cwe.mitre.org/community/citations.html) that provides the foundation for the ITU-T X.1524, ISO/IEC 29147:2014 and ISO/IEC 5055:2021 standards, in addition to two ISO/IEC technical reports:
• ITU-T X.1524 – SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY – Cybersecurity information exchange – Vulnerability/state exchange – Common weakness enumeration (CWE)
• ISO/IEC 29147:2014 Information technology – Security techniques – Vulnerability disclosure
• ISO/IEC 5055:2021 Information technology – Software measurement – Software quality measurement – Automated source code quality measures
• ISO/IEC TR 24772:2013 Information technology – Programming languages – Guidance to avoiding vulnerabilities in programming languages through language selection and use