Open
Labels: documentation (Improvements or additions to documentation), new-rule (Adding a new rule to Project CodeGuard)
Description
The MITRE CWE Top 25 Most Dangerous Software Weaknesses for 2025 identifies the most frequent and impactful classes of software weaknesses, ranked from real-world CVE and exploitation data. That makes it a useful framework both for prioritizing rule work and for assessing how much of the most dangerous weakness classes our rules actually cover.
Objective
Create a comprehensive mapping between the existing Project CodeGuard rules and the MITRE CWE Top 25 Most Dangerous Software Weaknesses (2025).
This mapping should help:
- Evaluate CodeGuard rule coverage against the most dangerous software weaknesses.
- Identify gaps where new rules may be needed.
Proposed Deliverables
- CWE Top 25 List Extraction
  - Extract the 2025 MITRE Top 25 list, including CWE IDs and names. (reference: CWE)
- Rule–CWE Mapping Table (Core Rules)
  - For each rule in sources/core, map it to one or more applicable CWE ID(s) from the Top 25.
  - Include a rationale for each mapping (e.g., rule logic, threat mitigated).

  Example table format:

  | CodeGuard Rule | Description | Mapped CWE ID(s) | CWE Name (2025 Top 25) | Notes |
  |---|---|---|---|---|
  | codeguard-x-xyz.md | Prevent X | CWE-79 | Improper Neutralization of Input … | Rule logic aligns with XSS patterns |
- Coverage Summary
  - A summary of which Top 25 CWEs are covered by existing rules vs. missing.
  - High-priority gaps requiring new rules.
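The coverage summary does not have to be tallied by hand. The script below is an added example written for this issue, not Project CodeGuard code: it parses a mapping table in the column layout proposed above, compares it against a Top 25 list, and reports which CWEs are covered (and by which rules), which are missing, which mapped CWEs fall outside the Top 25, and which rules have no mapping at all. The rule filenames, table rows and the `TOP25_SAMPLE` entries are constructed placeholders; `TOP25_SAMPLE` is not the official 2025 list and must be replaced with the IDs and names extracted from MITRE in the first deliverable.

```python
"""Added example (not Project CodeGuard code): compute a CWE Top 25 coverage
summary from a rule->CWE mapping table in the format proposed in this issue.

All rule names, table rows and the TOP25_SAMPLE entries are constructed
placeholders; TOP25_SAMPLE is NOT the official 2025 Top 25 list.
"""
import re
from collections import defaultdict

# Constructed stand-in for the extracted 2025 list (CWE ID -> CWE name).
# Replace with the real IDs/names from MITRE before relying on the report.
TOP25_SAMPLE = {
    "CWE-79": "Improper Neutralization of Input During Web Page Generation",
    "CWE-89": "Improper Neutralization of Special Elements used in an SQL Command",
    "CWE-22": "Improper Limitation of a Pathname to a Restricted Directory",
    "CWE-787": "Out-of-bounds Write",
    "CWE-352": "Cross-Site Request Forgery",
}

# Constructed mapping table using the column layout proposed in this issue.
# Column 3 may list several CWE IDs; an empty column 3 marks an unmapped rule.
MAPPING_TABLE = """\
| CodeGuard Rule | Description | Mapped CWE ID(s) | CWE Name (2025 Top 25) | Notes |
|---|---|---|---|---|
| codeguard-x-xyz.md | Prevent X | CWE-79 | Improper Neutralization of Input ... | Rule logic aligns with XSS patterns |
| codeguard-a-abc.md | Parameterized queries | CWE-89 | SQL Injection | Covers string-built SQL |
| codeguard-b-def.md | Path canonicalization | CWE-22, CWE-73 | Path Traversal | CWE-73 is not in the Top 25 |
| codeguard-c-ghi.md | Logging hygiene | | | Not yet mapped |
"""

CWE_RE = re.compile(r"CWE-\d+")


def cwe_num(cwe_id):
    """Numeric sort key so CWE-79 sorts before CWE-787."""
    return int(cwe_id.split("-", 1)[1])


def parse_mapping(table_md):
    """Parse a markdown mapping table into {rule_file: [CWE IDs]}.

    Skips the header and separator rows; CWE IDs are pulled from the third
    column by pattern, so 'CWE-22, CWE-73' and 'CWE-22 / CWE-73' both work.
    """
    mapping = {}
    rows = [ln for ln in table_md.splitlines() if ln.lstrip().startswith("|")]
    for row in rows[2:]:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) < 3:
            continue  # malformed row: skip rather than crash the report
        mapping[cells[0]] = CWE_RE.findall(cells[2])
    return mapping


def coverage_report(mapping, top25):
    """Compare a rule->CWE mapping against a Top 25 dict.

    Returns covered (CWE -> rules), missing (Top 25 CWEs with no rule),
    out_of_scope (mapped CWEs not in the Top 25) and unmapped_rules.
    """
    rules_by_cwe = defaultdict(list)
    for rule, cwes in mapping.items():
        for cwe in cwes:
            rules_by_cwe[cwe].append(rule)
    covered = {
        c: sorted(rules_by_cwe[c])
        for c in sorted(top25, key=cwe_num)
        if c in rules_by_cwe
    }
    return {
        "covered": covered,
        "missing": sorted((c for c in top25 if c not in rules_by_cwe), key=cwe_num),
        "out_of_scope": sorted((c for c in rules_by_cwe if c not in top25), key=cwe_num),
        "unmapped_rules": sorted(r for r, cwes in mapping.items() if not cwes),
    }


def format_summary(report, top25):
    """Render the report as the coverage-summary text the issue asks for."""
    lines = [f"Covered: {len(report['covered'])}/{len(top25)} Top 25 CWEs"]
    for cwe, rules in report["covered"].items():
        lines.append(f"  {cwe} {top25[cwe]}: {', '.join(rules)}")
    lines.append("Missing (gaps needing new rules):")
    lines += [f"  {cwe} {top25[cwe]}" for cwe in report["missing"]]
    if report["out_of_scope"]:
        lines.append("Mapped but outside the Top 25: " + ", ".join(report["out_of_scope"]))
    if report["unmapped_rules"]:
        lines.append("Rules with no CWE mapping: " + ", ".join(report["unmapped_rules"]))
    return "\n".join(lines)


if __name__ == "__main__":
    rep = coverage_report(parse_mapping(MAPPING_TABLE), TOP25_SAMPLE)
    print(format_summary(rep, TOP25_SAMPLE))
```

Run it against the real mapping table once the rules are annotated; the "Missing" section is the high-priority gap list, and the "outside the Top 25" line catches mappings that should be recorded but not counted toward Top 25 coverage.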