#3285 Add 1 Blog @ CVE Records used for 2024 CWE Top 25 (#3294)

CVEProject · Dec 3, 2024 · e19b35f · e19b35f
1 parent 58860e4
commit e19b35f
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/public/images/news/cwe-top-25-logo.png b/public/images/news/cwe-top-25-logo.png
diff --git a/src/assets/data/news.json b/src/assets/data/news.json
@@ -1,5 +1,46 @@
 {
   "currentNews": [
+    {
+      "id": 444,
+      "newsType": "blog",
+      "title": "31,770 CVE Records Used as Basis for the “2024 CWE Top 25 Most Dangerous Software Weaknesses List”",
+      "urlKeywords": "CVE Records Basis 2024 CWE Top 25",
+      "date": "2024-12-03",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <i><a href='https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html' target='_blank'>2024 CWE Top 25 Most Dangerous Software Weaknesses</a></i> list was released by the <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE™) Program</a> on November 19, 2024. The newly released list highlights the most severe and prevalent weaknesses behind the <a href='https://cwe.mitre.org/top25/archive/2024/2024_methodology.html' target='_blank'>31,770 CVE Records mapped in the 2024 dataset</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Uncovering the root causes of these vulnerabilities serves as a powerful guide for investments, policies, and practices to prevent these vulnerabilities from occurring in the first place. These weaknesses lead to serious vulnerabilities in software, and an attacker can often exploit them to take control of an affected system, steal data, or prevent applications from working."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The 2024 CWE Top 25 is the first time that the <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a> community directly contributed CWE mapping reviews within the dataset, leveraging their expert knowledge of the products and access to information that might not be present in the CVE Record. In general, CNAs are best positioned to provide accurate <a href='https://cwe.mitre.org/documents/cwe_usage/guidance.html' target='_blank'>CWE mapping</a> determinations compared to third-party analysts, as CNAs are the authority for vulnerability information within their CNA scope and those closest to the products themselves."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Visit the <a href='https://cwe.mitre.org/top25/' target='_blank'>CWE Top 25 page</a> on the CWE website to view the full 2024 CWE Top 25 List, key insights, methodology, and more."
+        },
+        {
+          "contentnewsType": "image",
+          "imageWidth": "256",
+          "href": "/news/cwe-top-25-logo.png",
+          "altText": "CWE Top 25 Most Dangerous Software Weaknesses List logo",
+          "captionText": "https://cwe.mitre.org/top25/"
+        }
+      ]
+    },
     {
       "id": 443,
       "newsType": "news",