The Common Weakness Risk Analysis Framework (CWRAF) provides a means
for software developers and consumers to prioritize software
weaknesses that are relevant for their business, mission, and deployed
technologies. In certain circumstances, a software weakness can lead
to an exploitable vulnerability.
By providing a repeatable way to customize the Common Weakness Scoring
System (CWSS), CWRAF enables people to reason and communicate about
the relative importance of different weaknesses. Users can
automatically generate a more targeted specification of "Top-N" lists
of weaknesses that are the most critical for the software that is used
in the relevant business domains, missions, and technology groups.
In conjunction with other activities, CWRAF ultimately helps
developers and consumers to introduce more secure software into their