This Recommendation on the use of the common weakness enumeration (CWE) provides a "structured means" for the global exchange of information about software security weaknesses in architecture, design, code, or deployment that can make software systems insecure, unreliable and vulnerable to attack. Security tools, assessment services, and some types of security reviews can detect these types of software weaknesses. This "structured means" is often referred to as "CWE Compatibility" and defines the correct use of CWE. An information security weakness is a mistake in the software that could result in a vulnerability that can be used by a hacker to gain access to a system or network. The assignment of CWE identifiers is not within the scope of this Recommendation. A list of repositories for CWE identifiers and the associated context information is available in Appendix I.